Everything You Wanted to Know about GDPR (But Were Afraid to Ask)

Written By: Cudy

18th April 2023

Everything You Wanted to Know about GDPR (But Were Afraid to Ask)

This is a quick introduction to the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. The new regulation replaces the current Data Protection Act 1998.

It affects any organization that processes personal data about individuals or offers goods or services to them.

Why Does GDPR Matter?

Under the current Data Protection Act, fines for non-compliance can be up to £500,000. The maximum fine under GDPR will be €20 million (£17 million) or 4% of global turnover, whichever is greater.

In addition, they can fine organizations up to €10 million (£8.8 million) or 2% of global turnover for not having their records in order (for example, failing to keep proper employee records).

grayscale photo of person using MacBook
Photo by Sergey Zolkin on Unsplash.

What Has Changed?

GDPR sets out several key changes that make it easier for businesses and organizations to comply with data protection laws and principles:

The GDPR will replace the Data Protection Act 1998. It applies to all companies processing the personal data of EU citizens, regardless of where the company is based.

GDPR is technology-neutral. This means that it will apply to any business that uses technology, from apps and websites to CCTV systems and databases.

GDPR clarifies that data protection laws apply not just to ‘personal data' but also to ‘special' categories of data, such as genetic or biometric data.

It also clarifies the definition of ‘sensitive personal data’, which can be about criminal offenses or convictions.

For example, names and addresses are likely to be sensitive personal data because they can identify an individual.

Rules Relating to Children Under 16-Year-Old

As well as being more explicit about the definition of sensitive personal data, GDPR has strengthened provisions relating to children under 16 years old, particularly about online services such as social media platforms and online games.

In addition, it sets out stricter rules on consent for processing special categories of personal data or sensitive personal data. These rules include:

  • Individuals must give unambiguous consent before organizations can process their sensitive personal information (for example, ticking a box). This includes information relating to criminal convictions and offenses.
  • The organization must clarify what the individual is consenting to, for example, whether they are consenting to market materials or an app.
  • Individuals must be able to withdraw their consent at any time.
  • Wherever possible, the organization should use ‘granular’ opt-in consent mechanisms (for example, asking people to tick a box if they want to receive marketing materials from the organization).
  • Where it is not possible to use granular opt-in, then organizations must explain why it is not possible in their privacy notice. For example, they may need to provide an ‘opt-out’ option for those who do not want their data processed for marketing. They must also explain how individuals can withdraw their consent at any time.

Getting Consent from Individuals

The GDPR will introduce more stringent rules on obtaining consent from individuals before processing their personal data. In particular:

  • It will clarify that consent must be freely given, specific, informed, and unambiguous. They cannot assume it from silence, pre-ticked boxes, or inactivity.
  • It will also require organizations to keep evidence of consent (for example, by asking individuals to sign a form).

The GDPR is likely to have a significant impact on how organizations interact with their customers and business partners.

For example, if an organization has an app that requires location data for the app to work, then it may need to get explicit consent from users before collecting and using this data.

The same would apply if an organization wanted to send marketing materials via email or SMS text messages.

Organizations must get clear consent from individuals before collecting any sensitive personal data or special categories of personal data (such as criminal convictions).

They must also make sure that the individual understands what they are consenting to (for example whether they are agreeing to receive marketing materials).

person using laptop
Photo by Thomas Lefebvre on Unsplash.

Transparency about Information Usage

Organisations must provide transparent information about why they need the information and how it will be used. This includes:

  • The organizations that might use the data (for example, direct marketing companies or debt collection agencies). The type of processing that will take place (for example, using the data to send marketing materials or to conduct a credit check).
  • Individuals must be able to withdraw their consent.

The Right to be 'Forgotten'

The GDPR introduces a ‘right to be forgotten'. This gives individuals the right to have their personal data deleted in certain circumstances, for example, if it is no longer necessary for the purpose it was collected.

The GDPR also clarifies that individuals may ask an organization to transfer their personal data from one service provider to another.

Organizations must have a lawful basis for processing personal data. The most common lawful basis is ‘consent’, but there are other grounds for processing too, such as ‘contract’ and ‘legitimate interests. Organizations will need to make sure they have evidence of consent before collecting and using personal data, such as

  • Recording how and when individuals gave consent.
  • Where appropriate, keep evidence of consent in an accessible format (for example, by asking people to sign a form).
  • Organizations must keep accurate records of all personal data they hold. They must also make sure that the records are easily accessible and readable.

This will help them identify any personal data that they no longer need to process, or that is incorrect.

Read similar articles about Privacy Policy and other related internet security articles on the Cudy Blog page!

Written by


Cudy is an online marketplace for real-time learning where students can achieve mastery over their subjects by learning live from educators who are passionate about providing the best learning experience for their students.

More stories

wood woman iphone desk 92331
In Google Trends, in the event that you search for the enthusiasm of SCORM, the outcomes don't look so encouraging for the past 10 years. SCORM is becoming less popular, and it is obvious in the falling enthusiasm of individuals. So what has turned out badly? For what reason is SCORM, the highest quality level …

SCORM? It’s so 2004. Say bye to it in 2020. Read More »

Alexander Lim

19th April 2023

wood woman iphone desk 92331
The present undertaking learning techniques require shrewd arrangements that go past the abilities of customary apparatuses. A Learning Platform engages L&D divisions to drive business development through their endeavors. A key mainstay of this arrangement is the Learning Management System (LMS). To see how a Learning Platform help improves learning targets, please first get a …

What is a Learning Management System? Read More »

Alexander Lim

19th April 2023

photo of child sitting by the table while looking at the 4145153 1
A Learning Management System is a priceless apparatus of the eLearning exchange. It composes, stores, and conveys your eLearning course materials, and that is only the tip of the Instructional Design iceberg; which is the reason picking learning management system pricing models that offer the correct highlights at the correct cost is basic. In this …

The 6 Different Learning Management System Pricing Models Read More »

Alexander Lim

19th April 2023

business woman businesswoman decor 68761
For Singaporeans, studying is the main key to have a successful future. They give everything to their children to provide them a high-quality of education and lead a better and successful life in the future. In Singapore, the education system is important and many parents chose to also enroll their children in online tuition.  With …

How Online Learning Changed the Lives of Many Singaporeans Read More »


19th April 2023

Subscribe to our blog