Unless you’ve been on a total digital detox over the last few weeks, no doubt you will have been inundated with emails from companies explaining that they are making changes to their privacy policies. These changes are being driven by a new ruling from the Council of European Union, European Parliament and European Commission called the General Data Protection Regulation (GDPR)


What is GDPR?

GDPR is a ruling designed to protect the data of citizens within the European Union. Essentially GDPR offers a way for people to take more control of the way their data is used and applies to any company that holds personal data of EU citizens, regardless of where that company is based.


The penalty for non-compliance with GDPR? Up to €20 million or 4% of annual turnover, whichever is the largest amount (ouch!)


Opt-in or Opt-out?

From 25 May 2018 we can (finally) say goodbye to our consent automatically being given to receive direct marketing emails. Now the onus is on companies to gain our consent (opt-in) to receive these promotional messages. No more confusing statements with double negatives when ticking the box to avoid direct marketing (or should we have left it unticked?) Tick here to stop unreceiving direct marketing anyone?


But what about Brexit?

Could we have to do this all over again once we leave the EU?


Until the details of Brexit have been thrashed out we won’t be in a position to know exactly what the impact will be on companies that hold personal data of British citizens, although chances are that a British version is likely to mirror GDPR very closely. According to, “the UK Government has indicated it will implement an equivalent or alternative legal mechanisms.”


Bespoke Training’s approach to GDPR

How we handle the personal data of our clients, potential clients and training course participants is important to us, so we have engaged with a GDPR expert to make sure we do the right things (when we say expert we mean someone that is advising the UK Government on GDPR!) Together, we have made changes to our privacy policies (we have three – one for members of staff, one for clients/learners and one for potential clients) and put in place the mechanisms to make sure our policies are fair and transparent.


It has been a lot of hard work behind the scenes to get ready for this, but rest assured, we are ready.


For an in-depth view on GDPR, here is the link to the Information Commissioner’s Office website