The new GDPR (General Data Protection Regulation)

Go Back
Leigh Mardon

Reading time: 2 minutes

The General Data Protection Regulation (GDPR) is a new law that will come into effect on 25th May, 2018 to replace the current Data Protection Act (DPA). The GDPR principles are similar to the DPA but with added details at certain points and a new accountability requirement.

Source: auth0

Under the new act, businesses are required to:

“lawfully, fairly and transparently process their customer’s personal data as well as demonstrate their compliance with the principles”.

There are also some legal basis set-out for processing this data, one of which states it’s lawful to collect it so long as it’s for:

“specific, explicit and legitimate purposes”

According to the new GDPR, direct marketing is covered as one of these legitimate interests.

In order to carry out any form of data processing, companies must comply with these new updates and demonstrate their compliance. For example, providing clearer messaging at the point where data is collected (e.g. during the checkout process), providing clearer data storage policies and clarifying how long data is stored for and by whom are the types of measures that will be expected.

Ultimately, these new regulations are being put in place to reassure the customers, to better explain what and why data is being processed.

The changes will not be too severe on the majority of businesses who already adopt a best practice approach to their data processing. As this eConsultancy article suggests, “savvy marketers” should already be acting as transparent as possible with customers regarding data processing. However the new regulations will expect all retailers to communicate on the same level, which means some will have to begin making these changes in time for next May.

Who will it affect?

The new law applies to both “controllers” (retailers) and “processors” (platform providers). GDPR will mainly affect the retailer, as they’re the ones who say how and why personal data is being processed. When the changes come into effect next May, they will be required to maintain records of personal data and processing activities. They’ll also be significantly more legally liable should they breach the new regulations.

On the other hand data processors, like ourselves at blubolt, will be less affected but not without some changes. Processors will have the responsibility of ensuring that all current contracts with controllers are up-to-date and comply with the GDPR.

What are blubolt doing?

In order to ensure we’re on top of these upcoming changes in regulation, blubolt will be setting up a project team who will be working with our customers ensuring all necessary updates are made, well ahead of the deadlines next May. If you’d like to hear more information then please get in contact with blubolt.

Sign up for our monthly blubolt email!

For eCommerce news, product updates, & great insights!

See how we can help your brand grow!

We'd love the opportunity to show you how we are the right partner for your eCommerce success! In an initial 15 minute phone call, we'll walk you through:

  • Platform: How our eCommerce platform, bluCommerce, can meet your current and future objectives with its' best-of-breed feature set and integrations.
  • Design: How our world-class creative and build process works to perfectly represent your brand to your customers.
  • Service: How we support your growth every step of the way with a dedicated Customer Success and Technical Support team.

Simply fill out the form below, call us on 01225 580 037, or email and we'll schedule a suitable time with you.

We're on a mission to help raise awareness about bowel cancer

Learn about our charity partnership