Introduction

Welcome to the GDPR Decoded deep-dive guide to the General Data Protection Regulation (GDPR).

These pages are a detailed look at the various aspects of the General Data Protection Regulation (GDPR), with a focus on how each part of the regulation will affect small and medium-sized organisations (SMEs) in the UK, whether they be commercial or not-for-profit. There's also a shorter GDPR Summary version of these pages that features a subset of the information in this guide.

This document is based on the only two sources of information that are truly authoritative at this point, namely:

  • The GDPR itself, including the recitals (which are a series of clarifications and extensions to the GDPR's contents that have been officially incorporated into the regulation)
  • The views of the Information Commissioner's Office (ICO), who are responsible for implementing and enforcing GDPR in the UK, in particular:
    • The ICO's documentation on GDPR
    • The excellent new blog series on GDPR Myths from the Information Commissioner Elizabeth Denham
    • The ICO's answers to requests for clarification, in this case a series of web chats we've had with ICO staff (see the ICO Chats list in the Resources menu).

The aim of this document is not to reproduce and reword the contents of the above documents, but instead to provide an alternative 'way-in' to GDPR for the as yet uninitiated.

This document has sections that cover all of the main parts of the GDPR that apply to small and medium-sized organisations. In each section we will include the headline detail of that part of the GDPR and then a series of examples and observations of what that part of the GDPR means to your organisation.

Each section will also include links to the relevant parts of the GDPR, the relevant Recitals and the relevant part of the ICO's Overview of the GDPR. The idea is that you read this document to get the gist, then read the content at each of those links to get the full detail. We are assuming that many people will use the ICO's Overview as a starting point, so we have followed a similar structure to that document. This series of articles could be considered a companion piece to the ICO Overview.

All of the above-mentioned source documents are well written in plain English and are thoroughly understandable without the need for any prior knowledge of data protection or European law. The slight exception to that is the ICO site, which makes frequent mention of the Data Protection Act (DPA), especially in the introduction. If you don't know the DPA well, don't be put off from reading the rest of the ICO content; it is invaluable even if you have to skim over the DPA parts.

It cannot be overstated that this document, and indeed this entire site, are primarily our opinion and our understanding of the GDPR. We are not lawyers or data protection experts; we are a software company seeking to understand the GDPR so that we can fully comply with it ourselves, fully comply with it in our role as a data processor, and advise our customers correctly on how GDPR affects their systems. You should read the GDPR yourself, and if you are new to data protection we would strongly recommend employing the services of a GDPR expert to assist on the path to compliance.

Important: This site describes our current understanding of the General Data Protection Regulation (GDPR).

We are not lawyers; always seek specialist GDPR advice for your organisation.

About Redox Software

At Redox we specialise in producing bespoke software written especially for your business. We can write you a system that can be used on your computer, via the web or on your tablet/phone – or any combination of those - either now or in the future.
