Click here to visit the GREAT Yorkshire Directory for quality business suppliers in YOUR AREA

A Guide to GDPR

Editors Note: Expert content needs an expert content writer and Yorkshire Powerhouse is pleased to publish this business advice article on ownership agreements, kindly written by a real expert in his field – Richard Coulthard, Partner and Head of Corporate at Ison Harrison Solicitors.

Please consider contacting Richard to improve your business finances – just click on the advert links above or below – and please mention Yorkshire Powerhouse if you do make contact.

GDPR objectives

The General Data Protection Regulations give individuals control over personal data. The legislation was introduced to show businesses how to think seriously about personal data, how it is managed, stored and therefore ultimately used.

GDPR penalties

GDPR comes with harsh penalties for those who do not comply. Companies found guilty of misusing data can be fined heavily, with fines up to 4% of turnover.

The Courts take a strict approach to GDPR compliance; with individuals being able to claim compensation as a consequence of breaches.

To save your business from heavy fines and legal costs, it is important to be compliant from the first instance.

GDPR Controllers and Processors

GDPR is wide reaching and impacts all aspects of business from customers and employees to suppliers and third parties. It is necessary to have a Privacy Notice in place and appropriate contractual provisions.

Need help with a business plan?

Download our planning templates:


GDPR applies to both controllers and processors of personal data. Your obligations vary, depending upon whether you are a processor or controller of personal data. In short, a controller decides the purpose of the data processing, whilst the processor actually processes the data.

Both controllers and processors can be claimed against for compensation and damages.

If you are unclear of your obligations in any way, appoint an expert to clarify your role.

Lawful Use of Data

Data ranges from contact information; telephone numbers and emails, to more sensitive information such as medical history.

A Business must have a legitimate reason to store and use data. There are 6 lawful reasons to process data:

  • Consent
  • Contractual obligations
  • Legal obligation
  • Vital interests
  • Public interest
  • Legitimate interest

Do all businesses must comply with GDPR?

In short yes. GDPR applies to all organisations who hold any form of data. Even small businesses who may only hold limited data such as a contact number technically need to comply.

The data protection laws are complex and what steps you need to take will depend on the nature of the business. The obligation to comply with GDPR is continuous, and there is no short or simple answer.  If you are unsure on your own business situation then seek a professional partner to provide legally accurate advice.

Now you’ve read our Guide to GDPR, have you any more questions?

Here at Yorkshire Powerhouse, we’re happy to help as much as possible – is there anything else we can do to help you, do you have any further questions or can we help introduce you to an expert – please let us know:

Please leave this field empty.

Please share this page with your own network to spread the word:

Yorkshire Powerhouse Limited is a company registered in England & Wales No. 10237925.
Registered address: 40 Gordon St, Slaithwaite, Huddersfield HD7 5LH