A Brief History Of Us

  FROM DIAL-UP INTERNET MASTERS TO LEADING DIGITAL MARKETING AGENCY IN DEVON Every digital marketing agency has a story… but none in Devon go quite so far back as Optix Solutions… The year was 1999 and Ricky Martin was livin’ la vida loca whilst three fledgling guys including Alastair Banks and James Dawkins were studying…

Read More

Digital Skills, Flexible Working, And Work-Life Balance

HOW THE OPTIX DIGITAL ACADEMY CAN ADDRESS THREE URGENT ISSUES FACING EVERY BUSINESS AND EMPLOYEE It goes without saying that both businesses and employees are finding themselves increasingly shifting to online platforms and channels to promote their services and skills, with the UK digital economy predicted to grow to 33% of GDP by 2020. Yet,…

Read More

Do What You Say You’re Going To Do.

What we can learn from Facebook’s UX Overhaul. When a high profile platform like Facebook, decides to redesign their desktop and mobile platforms, it sends the fear of god into every other business, wondering if they too need to follow suit. Facebook’s recent keynote was an interesting one for User Experience and User Interface, they…

Read More


I thought I’d start a new tradition this year, a wrap-up blog showing my 2018 company highlights. I’ve always thought its a pretty useful exercise to look back and reflect on the year, even if you’re the only one that reads it. So we started early 2018 with a bang – Our annual seminar at…

Read More

The Small to Medium businesses no-nonsense guide to GDPR

The subject of GDPR has moved from an almost obscure subject into one of the key business change issues facing all businesses.

GDPR: Separating Fact from Fiction for SME’s

What is Personal Data?

Personal data is anything that could be used to identify a real person. It could be anything from a photograph of a real person, an email address, facebook, links to bank details and medical information –  this constitutes as personal data.

What does consent look like? 

Firstly there’s no more hiding in long ambiguous terms and conditions. If you’re asking a person for data that could be used to identify that person, then explicit consent must be given to your business. The EU GDPR guidelines state that it must be as easy to withdraw consent as it is to give it.

This could be as simple as an unsubscribe button in an email for generic data. Or should the data be sensitive, like medical information for example, then you must tell the person to whom the data belongs, how you will use and store that information and then GIVE them the opportunity to OPT OUT easily.


I understand what GDPR is, but what does my Business have to do to be Compliant?

GDPR in simple terms is a business providing evidence of the lawful processing of a person’s personal data. Your business will will need to have evidence that the personal data you have stored, managed etc, has a basis in one of the following:


Consent: the person has given clear consent for you to process their personal data for a specific purpose.

Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

Vital interests: the processing is necessary to protect someone’s life.

Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)


Making your SME GDPR Compliant 

25th May 2018 is fast approaching so here’s what you need to do:


  1. Get Started – it isn’t as scary as it is presented
  2. Don’t let one person be responsible for managing GDPR for your business. Even if you have an SME and little resource, this is a big legal change so do create a team / some time to ensure you're confident in your data process and responsibilities as an SME
  3. Understand the implications of how personal data is collected, used, managed, stored and disposed of within your business. You could categorise the data you have into a basis as detailed above;
  • Consent

  • Contract

  • Legal

  • Vital

  • Public

  • Legitimate


  1. Once you have the data initially organised you can then organise that data by

  • Staff
  • Customers
  • Prospects


Use these categories to define the value of personal data to your business.


  1. Document what you do and any decisions you make, particularly of how you will lawfully process personal data now and in the future.
  2. Consider your supply chain and ask what they are doing to protect data that is passed to them or received from them. For example staff data for:
  • Payroll
  • Pensions
  • Insurance
  1. Have your process checked by a legal representative to ensure it’s as thorough as possible and you’re compliant.


We know how confusing it can all be but try not to worry, you’ve got this!


Further support can be found;





Written in collaboration with Augmentum.

Read More