In this blog series, we are taking the wordy General Data Protection Regulation (GDPR), breaking it up and decreasing the confusion that exists by providing straightforward practical advice. GDPR’s full official wording can be found here.

In the previous blog, we took a quick look at three important articles within GDPR; Article 15 – right of access, Article 16 – right to rectification, and Article 17 – right to erasure, and discussed what’s required for compliance. Onto the next three…

Article 18 – Right to restriction of processing

This article relates to requests from individuals for data not to be processed by your organisation, which includes not communicating with them for any reason outside of the request. During these times, you may store the data but it cannot be used for any purpose or passed on to a third party. If a customer has requested for their data to be rectified as per Article 16, information cannot be processed until after the amendments have been made. If customers are happy for their details to be stored but not processed, you must be able to migrate data to a system where it will not be processed or have it clearly tagged so that it is not used. Output Management Solutions, for example, are able to create ‘DO NOT MAIL’ lists and will cross-reference details on any communications that are processed to ensure they are not sent to those that have not consented. 

Article 19 – Notification obligation 

There are two strands to this. Firstly, any changes made to personal data – amendments or deletion –must be advised to the data subject, as well as any recipients to which it has been disclosed (unless this “proves impossible or involves disproportionate effort”). Any changes in consent from the customer must also be communicated. Secondly, if requested, you must provide the data subject of the third parties their information has been shared with. Whatever is demanded, you have 28 days. It’s important for firms to have databases or CRM systems that can flag when data has been amended. This ensures that it isn’t missed and subjects and third parties can be contacted within the timeframe. Communication templates streamline the process and ensure that all the necessary information is provided and can be sent physically or digitally. 

Article 25 – Data protection by design

This article can be viewed as being all encompassing. In essence, GDPR states that an organisation processing and controlling data must build data protection into its internal processes. In order to be compliant, you must be able to provide evidence of the specific steps taken to build data protection compliance into processes. For an organisation that has invested in GDPR-compliant technologies, such evidence can be easily provided. By simply adopting the solutions, you have already taken steps to make your internal processes more compliant. In the event of any investigation, cite the usage of these tools, as it will go some way to proving that you have taken appropriate steps towards data security. 

In the next blog in this series, we’ll run through the seven steps you should take to bring you closer to GDPR compliance.

Related Resources

digital image
White Paper

Modernising communications under ‘the new normal’

Organisations communicate with customers in a range of ways and need their messages to reach the right people ...

MessageMedia-Ins case study
Case Study

Quadient integration with MessageMedia helps global insurance provider meet its omnichannel communication vision

Quadient has helped a global insurance provider move beyond simple print communications to reap the rewards of a unified omnichannel communications strategy, including SMS, with Quadient's Inspire platform.
Case study thumbnail image
Case Study

Residents of Velocity Village enjoy simple parcel deliveries with intelligent parcel lockers from Quadient

Velocity Village provides apartments to rent in the heart of Sheffield.

case study thumbnail image
Case Study

West Midlands Ambulance Service: HR goes paperless to reduce costs and improve efficiency

Each day, West Midlands Ambulance Service (WMAS) University NHS Foundation Trust responds to around 4,000 emergency 999 callouts.



A rich history of world-class leadership

Backed by the experts

Backed by the experts

Gartner, Forrester, and Aspire



8 billion personalized experiences annually

Proven results

Proven results

97% customer satisfaction rate