Data Collection & Processing Once The GDPR Kicks In

Data collection & processing once the GDPR kicks in

When collecting or processing personal data...

Your organisation, as well as your suppliers that handle data on your behalf, must apply these key points under GDPR:

  • Process data lawfully, fairly and transparently
  • Only collect data for explicit and legitimate purposes
  • Data must be relevant and necessary for processing
  • Keep data up to date and accurate with processes in place
  • Keep identifiable data only if necessary for processing
  • Protection for children requires parent/guardian consent to process their data
  • Ensure you are equipped to satisfy subject access requests(SARs) within set times
  • Keep all data secure

For further GDPR guidance and practical steps, we have put together a Whitepaper: GDPR for small businesses, this provides a straightforward overview, to help work towards GDPR compliance. To access this Whitepaper Sign Up to Gravicus Osprey where you will also get 5 Free Data Protection Impact Assessments (DPIAs) with Osprey DPIA.


Telephone: 0203 858 0636

Email:  info@


Simply smart data management with Osprey