Rights and Responsibilities on GDPR 

GDPR has many benefits, encouraging you to nurture your clients and cleanse your data set so that you have a nice clear and concise group of people you are sending content out to. In this blog we look at the benefits of GDPR, rights and responsibilities, key terms and there is also a 10 step process that we followed to ensure compliancy that you can follow too.

Fail to prepare, prepare to fail. Preparation is key to being successful with GDPR – if you prepare well, everything else will fall into place. There are various procedures that need to be looked at and audited – when we were preparing for GDPR at GetMyFirstJob we spoke to our solicitors who guided us through the preparation process and made sure that we were covering all bases. 

The first area to cover is to review your consent mechanisms to make sure they meet the GDPR requirements on being specific, clear, prominent, documented and easily withdrawn. Also check your documentation procedure to demonstrate what the individual has consented to, including what they were told, and when and how they consented.

It is important to prepare and research as much as you can – once you have covered off everything that you can do but feel that you need someone to look over your compliancy and the measure you have put in place, consult a solicitor who can help you make sure you are 100% compliant come May 25th, 2018.

Rights and Responsibilities

From 25 May 2018, like all business, charities and any organisation holding individual data, we will all need to comply with GDPR, the new data protection regulations. Though they are European regulations, they will still be implemented in the UK despite Brexit.

This is a great opportunity to reinforce your current data protection policies and organisation behaviours around data management internally. Data protection is organised around 8 core rights for individuals: 

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erase
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.


The benefit of GDPR is that it strengthens these and in particular, how the data is processed. With this in the forefront of our minds we are ensuring that we have all our customers opting into the relevant communications and will never share your details with a third party, ensuring all the communications you receive are relevant and align with your preferences.

For us as an organisation, we have been focussed for the last few years on producing more and more tailored information and advice for young people, teachers and parents, so the principles of GDPR make complete sense to us. As a relatively small organisation the pain point is around ensuring the correct processes and contracts are in place to be fully compliant, which we are currently on track to meet by April this year. Watch this space!

Key terms relating to GDPR 

‘Data Controller’

"Controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.

‘Data Processor’

 "Processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

What have we done to ensure we are GDPR compliant by April and what could you do to be compliant? 

We have followed a process that you might be able to use too:

  1. Audit of data stores across the business
  2. Audit of third parties that interact with our data
  3. Speak to solicitors for legal support to ensure legally we are complying with the GDPR
  4. Update contracts, T&Cs to ensure they are GDPR compliant (some legal advice might be required here)
  5. Update websites, apps, email communications to ensure they give the right information clearly
  6. Appoint ‘data coordinator’ to be the go to person to ask about GDPR questions, and future issues as they crop up
  7. Draw up clear processes to follow GDPR requirements for all departments, employees and systems – and tell people about them, explain GDPR principles
  8. Audit everything again to make sure you haven’t missed anything!
  9. Ask a few ‘what if’ questions relating to customer/employee/client data to test the processes you’ve set up. E.g. what if a data breach has a big knock-on PR impact?
  10. Agree schedule of reviewing compliance[1]

Read our previous blog on GDPR here.

To read more about GDPR and its official guidelines visit the ICO here.

[1] Download the recruitment GDPR graphic at https://www.rec.uk.com/news-and-policy/policy-and-campaigns/GDPR