The General Data Protection Regulation (GDPR) came into force on 25th May 2018
and is a piece of European Union legislation.

The purpose of the GDPR is to provide a set of standardised data protection laws
across all member countries. This makes it easier for EU citizens to understand
how their data is being used and have more control over it.

The legislation is monitored by the Information Commissioners Office (ICO).

Under the GDPR, individuals have greater control over their own data and organisations that hold data have greater responsibilities too.

Key questions that organisations need to consider are;

• Do we have consent from individuals to process their data?

• What is our legal basis for processing individual’s data?

• How do we protect individual’s data?

• How will we erase individual’s data if requested?

• What will we do should there be a data breach in our organisation?

If you handle or process data for your staff, clients or anybody else, then GDPR does affect you.

It applies to everyone, so even if you’re only just starting up your company, you must make sure you’re compliant. The onus is on you or your organisation.

We can’t offer legal advice or specific advice for your business, so we suggest you seek formal advice in making sure you’re compliant.

It’s not just about your organisation though – remember to check that any external data suppliers or marketing agencies that you work with (like us!) are GDPR compliant too.

Note: Once we leave the European Union, GDPR will remain. It’s likely to simply become GDPR UK, or similar, and apply to UK companies only.

We were well prepared ahead of the legislation coming into force in May 2018:

• We raised awareness of GDPR across all Buzz Education staff and stakeholders.
• All staff received in-depth GDPR training and continue to receive regular updates.
• We reviewed and updated all of our legal policies and data management processes in line with the legislation.
• We developed new processes to manage new data requests such as subject access requests and right to be forgotten requests.
• We confirmed the legal basis under which hold and manage our data.
• We reviewed our data security and updated our processes.
• We appointed a Data Security Officer who is now responsible for our data management.
• We investigated if and how GDPR would affect our individual services and put steps in place to manage this.

We’ve worked hard to make sure we’re GDPR compliant and that we remain as transparent as possible for our clients. And we’re keen to use this to continue to provide great education marketing services!

There is also a big positive that has come out of GDPR so far! It has helped to take away some of the distrust that individuals, schools and teachers previously had of marketing they received.

Before GDPR, individuals didn’t necessarily know how certain companies had come to hold their data.

Now, companies like us, who use legitimate data collection methods, benefit from the increased control individuals have over their data. We can tell recipients of our marketing exactly why we have their data, and why we are contacting them. This greater trust, created by GDPR, is delivering greater response rates for our clients!

The team can help you to:

• Build your bespoke mailing list
• Plan and develop an amazing marketing campaign
• Help you to create a buzz in the education industry

Here is some more useful information about GDPR:

An overview of GDPR

An introduction to GDPR from the ICO

The full text of the GDPR legislation