Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Business > GDPR: DIGITAL AGENCY OUTLINES WHAT BUSINESSES NEED TO BE DOING NOW

GDPR: DIGITAL AGENCY OUTLINES WHAT BUSINESSES NEED TO BE DOING NOW

Published by Gbaf News

Posted on August 9, 2017

6 min read

Last updated: January 21, 2026

Oil prices decline amidst economic slowdown concerns affecting fuel demand - Global Banking & Finance Review — This image illustrates the recent decline in oil prices due to concerns over economic slowdown and reduced fuel demand, highlighting key factors affecting the market.

16i, a Cheltenham-based digital design agency, has outlined what businesses need to be doing now if they want to be ready for the incoming General Data Production Regulation (GDPR) – something set to affect all businesses that handle personal data.

Almost all businesses will have to take action to ensure they comply with the legal requirements around people’s personal data, with GDPR set to come into force in May 2018.

To help companies prepare, 16i has outlined the key things businesses need to be doing now to ensure compliance.

Alex Clough, the managing director of 16i, said: “GDPR, at the moment, is something that businesses may have heard of, but not actioned. By May, however, businesses will need to have acted to ensure they’re ready to meet the core requirements of the legislation. We hope to help businesses understand the principle of what they need to do to achieve this.”

Below, 16i has outlined the key steps businesses need to undertake immediately to facilitate compliance:

Make the team aware

While GDPR has received a lot of press coverage, not everyone is aware of the changes. Businesses need to make sure to raise the topic with their team to ensure they know about both the risks – and the opportunities.

Review contracts to see which ones would need to be amended

GDPR will require suppliers and customers to review supply chains and current contracts, so renegotiations may be required. Equally, commercial terms will inevitably have to be revisited given the increased costs of compliance and higher risks of non-compliance.

Identify data flow

An important step towards compliance is to review an organisation’s data flow. This allows firms to identify the location, access and ownership of data; whilst classifying the type of data an organisation holds.

Key questions that every organisation should address include:

What ‘personal’ data is being processed?
Are existing processing methods compliant?
Where is data being held and how does it flow through the organisation?
Are there adequate controls in place surrounding movement and storage?
Who in the organisation owns the data?
Who can access the data?
Who, if anyone, is it being shared with, both internally and externally?

Revisit data sharing protocols
Mostorganisations carry out some form of data sharing, typically between either group organisations or with external third parties. However, if the data being shared is ‘personal data’, additional steps will need to be taken to ensure individuals are provided with all the relevant information (relating to how the data is shared) at the right time.

Clear out data
Once data flows and protocols have been assessed, any personal data which is no longer required should be cleared out. The less personal data held, the easier compliance will be (although records should be made of which data was removed and why).

Update data collection methods
Finally, and at a very basic level, look to update data collection methods. Remember, any changes should ensure that the individual is informed (e.g. is aware of who, when, how and what the personal data is intended for), that consent has been freely given, and that it is a result of positive opt-in (e.g. no pre-ticked boxes or default options have been used).

Alex Clough concludes: “Businesses really can’t afford to wait until a couple of weeks before the deadline – they need to be taking action immediately to facilitate a smooth process further down the line, otherwise they could find themselves acting outside legal boundaries, with potentially serious repercussions.”

16i, a Cheltenham-based digital design agency, has outlined what businesses need to be doing now if they want to be ready for the incoming General Data Production Regulation (GDPR) – something set to affect all businesses that handle personal data.

Almost all businesses will have to take action to ensure they comply with the legal requirements around people’s personal data, with GDPR set to come into force in May 2018.

To help companies prepare, 16i has outlined the key things businesses need to be doing now to ensure compliance.

Alex Clough, the managing director of 16i, said: “GDPR, at the moment, is something that businesses may have heard of, but not actioned. By May, however, businesses will need to have acted to ensure they’re ready to meet the core requirements of the legislation. We hope to help businesses understand the principle of what they need to do to achieve this.”

Below, 16i has outlined the key steps businesses need to undertake immediately to facilitate compliance:

Make the team aware

While GDPR has received a lot of press coverage, not everyone is aware of the changes. Businesses need to make sure to raise the topic with their team to ensure they know about both the risks – and the opportunities.

Review contracts to see which ones would need to be amended

GDPR will require suppliers and customers to review supply chains and current contracts, so renegotiations may be required. Equally, commercial terms will inevitably have to be revisited given the increased costs of compliance and higher risks of non-compliance.

Identify data flow

An important step towards compliance is to review an organisation’s data flow. This allows firms to identify the location, access and ownership of data; whilst classifying the type of data an organisation holds.

Key questions that every organisation should address include:

What ‘personal’ data is being processed?
Are existing processing methods compliant?
Where is data being held and how does it flow through the organisation?
Are there adequate controls in place surrounding movement and storage?
Who in the organisation owns the data?
Who can access the data?
Who, if anyone, is it being shared with, both internally and externally?

Revisit data sharing protocols
Mostorganisations carry out some form of data sharing, typically between either group organisations or with external third parties. However, if the data being shared is ‘personal data’, additional steps will need to be taken to ensure individuals are provided with all the relevant information (relating to how the data is shared) at the right time.

Clear out data
Once data flows and protocols have been assessed, any personal data which is no longer required should be cleared out. The less personal data held, the easier compliance will be (although records should be made of which data was removed and why).

Update data collection methods
Finally, and at a very basic level, look to update data collection methods. Remember, any changes should ensure that the individual is informed (e.g. is aware of who, when, how and what the personal data is intended for), that consent has been freely given, and that it is a result of positive opt-in (e.g. no pre-ticked boxes or default options have been used).

Alex Clough concludes: “Businesses really can’t afford to wait until a couple of weeks before the deadline – they need to be taking action immediately to facilitate a smooth process further down the line, otherwise they could find themselves acting outside legal boundaries, with potentially serious repercussions.”