GDPR: What does it mean for you?


CS2 are a Building Surveying and Cost Consultancy practice based in Northampton, with additional offices in London, Manchester, Birmingham, Bristol and Milton Keynes. The Marketing Department is based in the Northampton Head Office and is now up to full speed, having recently recruited a Marketing Manager, Sophia Griffiths and Social Media & Digital Marketing Assistant, Eve Hesketh.

Sophia previously worked at FSE for over 8 years in the Education sector and is currently studying for a Business and Marketing Degree. Sophia’s main focus will be the implementation of the company’s marketing strategies and activities.

Eve has joined CS2 from Althorpe House, where she assisted with the Literary and Food & Drink Festivals. Eve will manage all social media platforms for CS2 and will manage the company website.

Rachael will continue to plan all events for CS2, sponsorships and produce the company literature. Sophia and Eve have joined forces with Rachael Swanston, who has worked for CS2 for over six years and has been responsible for the marketing of the company for the past two years.

Heading up the newly formed Marketing Team, Sophia told us

“I have a great strong team, each member brings their own star qualities to CS2! I am looking forward to pushing forward with business development and ensuring that we maintain great relationships with existing clients. I am particularly keen to forge new working relationships with local clients. We hope that by entering and sponsoring events such as the Business Awards, we can meet local business people.”

One of the challenges the new team will be facing in 2018, is the implementation of the new GDPR legislation. Please read below to see how it may affect your business and how to prepare for the changes your company will need to make.

How will GDPR affect you?

The current Data Protection Act (DPA) is going to be replaced on the 25th May 2018 with the General Data Protection Regulation (GDPR) - meaning the way you manage information and data within your business will need to change.

What is it the Data Protection Act (DPA)?

In 1998 the DPA law was passed, impacting the way information about people/businesses can legally be used and handled. The reasoning behind it was simply to protect individuals against misuse or abuse of information about them, preventing businesses from selling or passing on your information. It was basically introduced to stop your information from ending up in the wrong hands, however this will be superseded by the new legislation.

What is it the General Data Protection Regulation (GDPR)?

The GDPR is a new data protection regulation which will strengthen the security and safety of all data held within an organisation. The GDPR will introduce tougher fines to non-compliance or breaches, giving people more control over what businesses do with their data.

Why introduce the GDPR?

The main objective of the GDPR is to protect personal data, enforcing stronger data security and privacy rules among organisations. The internet has changed the way we communicate on a daily basis, we send emails, purchase goods online, pay bills and share documents, sometimes without even thinking about how our information is used online. The current legislation was introduced before the internet created ways of exploiting data and the GDPR is looking to address that issue. Data is stored digitally when you are checking your banking information, social media posts and even your IP address, so by strengthening data protection legislation, we should improve trust in the digital economy.

Preparing for GDPR

- Educate yourself – GDPR is being put in place to make businesses accountable for breaches and loss of data, so security features need to be put in place and understanding how hackers operate, is essential.

- Awareness – Make sure everyone within the business is aware of the new rules surrounding data regulation and how this will affect the business.

- Privacy Policy – Review the current privacy policy as its likely some changes will be needed and put a plan in place for the changes.

- Evaluation – Evaluate how your business currently handles data and what security is in place to protect it. Consider how the data is collected about your customers and clients and where it is stored.

The main purpose of the GDPR policy is to keep companies better protected against breaches in security. Having the right strategy and system in place will ensure your business is prepared and secure for many years to come.


If you would like to discuss this article further please contact Sophia Griffiths by email sgriffiths@cs2.co.uk or call 01604 603030.