GDPR is almost upon us. Are you nearly ready?

It’s not long now until 25th May when the new GDPR regulations come into force, overtaking the long standing Data Protection regulations. We’re still busy at VANEL trying to get everything ready, and this week I’ve also been busy training member organisations on a practical approach to GDPR.

I’ve been asked to put on more GDPR Basic training sessions, so I’ve scheduled another one on 12th June (from 2pm-4pm). It’s a bit after the ‘launch’ date, but GDPR is ongoing, we’ll be working on it for months probably to get it all right, so let me know if you’d like a place on this session. More info about the session here.


The key thing about GDPR is that it’s about principles not rules. There is no instruction for how exactly to comply. You need to understand the principles behind it and then work out how to apply them to your organisation and data processing situations. For example – data minimisation and the principle of only collecting personal data that you really can justify a need for. How you put that principle into practice is up to you.

So the most important 4 principles I keep coming back to are the highest level ones. They are mentioned in this video here which you really should be watching.

Accountability – can you account for/justify/evidence everything you’re doing around data?
Transparency – from privacy policies, to data capture forms and more – how are you keeping people informed?
Governance – getting all the process, procedures, paperwork, people and culture right?
Security – how are you keeping it all secure?

Most GDPR work you’re going to be doing fits into these principles.

Self-assessment tool

A useful new tool which you should really start using is the self-checking tool (here). There’s lots of questions to work through, but it will help you to understand which legal basis you should/could be using for your data collection. You might need to actually work through it over and over again for each different type of data workflow. The help buttons are particularly useful for understanding context and what each question really means. I recommend it – go check it out.


There is a growing list of many useful resources out there, so I’ve assembled links to some of the better ones on a page on our website. Our resource page is here. Take some time to start looking through the resources.

GDPR and Children

There’s still a little bit of grey around the area of GDPR and children and we’re lucky to have Sam Delaney from NCVO coming to speak on this very subject at our V:Expo event on 5th June at Grimsby Central Hall. If you work with younger people then this might be a useful talk to listen to – and of course there’s more going on at the event itself too. All the info about V:Expo is here including how to book.

And finally

And finally, here’s a warning message about GDPR delivered to the sector at a conference last week – “Reboot your thinking around personal data ahead of the GDPR deadline”. It’s a reminder that if the way you are using data “feels uncomfortable” then it’s probably not GDPR compliant. Have a read