The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR)

GDP Data Protection logo
The General Data Protection Regulation (GDPR) is about the processing of personal data. It applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified. This includes all manual and automated processing of personal data. It is for those who have day-to-day responsibility for data protection.
The ICO explains the provisions of the GDPR to help organisations comply with its requirements.

Who exactly does the GDPR apply to?

  • The GDPR applies to ‘controllers’ and ‘processors’.
  • A ‘controller’ determines the purposes and means of processing personal data.
  • The ‘controller’ shall be responsible for and be able to demonstrate compliance with the principles.
  • A ‘processor’ is responsible for processing personal data on behalf of a ‘controller’.
  • As a ‘processor’, the GDPR places specific legal obligations on you. As an example, if you are required to maintain records of personal data and processing activities, should a data breach take place, you will have legal liability if you are responsible for the breach.

The GDPR refers to sensitive personal data as ‘special categories of personal data’. Health, racial or ethnic origin, religious or philosophical beliefs, genetic data and biometric data, sexual orientation, are all classed as special categories.

To help organisations understand their mandatory obligations better we are holding free monthly GDPR webinars specifically for:

  • Independent Therapists
  • Brain Injury Case Managers
  • Psychologists and Neuropsychologists

We want help organisations to carefully look at all their day to day processors, activities and systems, both manual and electronic, to see where the GDPR impacts and what changes/amendments need to be put in place.  We have ran monthly webinars previously and would be open to running new ones in the future.

What the webinar would cover:

  • Roles and Responsibilities
  • Appointment of Data Protection Officer
  • Data Mapping
  • Technology used for Processing Data
  • Security – what you need to know
  • Information Notices
  • Subject Access Requests
  • Consent
  • Policies and Records
  • Audit of your Data Processing Activities – internal and external
  • Privacy by Design
  • Updating your Terms of Business, Employment and Associate Contracts
  • Breaches and Fines
  • Keeping your Data Protection Breach Register
  • What does a breach look like?

To find out more, please contact Jayme on 01636 904951 or email


I asked Tracey to help me make changes to my business in line with new General Data Protection Regulation (GDPR) legislation. I can’t begin to praise Tracey enough. She was able to quickly and efficiently help me review my service, assess my GDPR needs and draw up the relevant documents ready for me to simply insert into my business. I feel generally more organised and professional than I did before. I wouldn’t hesitate to recommend this service.

Emma Merriman Rehabilitation


The webinar was brilliant and the follow up information for the Compliancy Action Plan looks fab.

Tasha Gobell – Specialist Speech Therapist


I found the webinar really useful – you covered everything really comprehensively, I’ve got so much useful information from it, and am understanding compliance fully now. Yes, it is a dry subject, but your energy certainly made it easier to follow, and I thought that you answered everyone’s questions thoroughly without spending too long on each section. So, thank you so much for your time Tracey, and I’m sure that we will be in touch with you for help of some kind in the not too distant future!

Mandy Martell, Sleep Unlimited Ltd