General Data Protection Regulation
General Data Protection Regulation

General Data Protection Regulation

The GDPR will apply to all companies processing data from people living in the EU, with financial penalties for non-compliance. Make sure you're ready for the enforcement deadline of 25 May by attending one of the GDPR workshops, provided by The North East Growth Hub. 

How might the GDPR affect my business?

The aim of the GDPR is to protect all EU citizens in an increasingly data-driven and electronically organised world. Among other things:

  • You will need to demonstrate that you have obtained explicit consent for processing sensitive personal data.
  • The Right to Access means you must be able to provide people with a copy of their personal data you are using, free of charge, in an electronic format.
  • The Right to be Forgotten means people are entitled to have their personal data erased, and/or removed from use, including by third parties and on social media platforms.

Who does the GDPR apply to?

  • The GDPR applies to ‘controllers’ and ‘processors’. 
  • A controller determines the purposes and means of processing personal data.
  • A processor is responsible for processing personal data on behalf of a controller.
  • If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
  • However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
  • The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
  • The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

How can I make sure my business is GDPR compliant?

The Information Comissioner's Office has published a free online guide to the GDPR, and you can read more at Once you have an overview, check out the training and workshops available through Growth Hub to get your business ready and avoid inadvertent penalties.