We’re holding simple 1-on-1 sessions to make sure your website is on track to be GDPR compliant.

The deadline is 25 May 2018

What is GDPR?

General Data Protection Regulation will affect most businesses, even if you only have a contact form on your website, or add people to an email newsletter.

The aim of data protection laws is to stop unscrupulous businesses misusing personal information, and to make sure that businesses keep private information secure. Personal information can be anything from someone’s name, to their credit card number, or other financial data. GDPR grants to EU citizens rights to their personal data. Personal data is any data which enables an individual to be identified.

Some examples of misuse include selling email addresses to spammers or sending unsolicited marketing material.

Put simply, if you collect personal information (and most businesses do) then if you misuse that information, or fail to keep it secure, then you could face a fine. In a nutshell, the new GDPR legislation has the following obligations. You must:

  • Tell the user who you are, why you collect the data, for how long, and who receives it.
  • Get a clear consent before collecting any data.
  • Let users access their data, and take it with them.
  • Let users delete their data.
  • Let users know if data breaches occur.
How would you feel if your name, email address and phone number were ‘lost’ by your telephone company? You might feel distressed, angry and keen to know how it happened, when you trusted your information to that company. Data, and its protection, doesn’t become less important just because it’s given to a small business, or a one-man-band. It is equally important because the risks are the same.

1-on-1 audit sessions

We are holding 1-on-1 sessions to ensure your website is GDPR compliant before 25 May 2018. These sessions are designed for small businesses only.

We will look at your website and will confirm whether you will be compliant by the deadline date. If not, we’ll pinpoint areas that will need to be looked at before 25 May to avoid a fine. This may include:

  • making sure your contact form is suitable,
  • making sure that your website is secure from a hack/data breach and that you have the tools in place to know when a data breach has occurred,
  • thinking about how you would delete someone’s data should they ask you to,
  • making sure that you have the express consent of someone who is on your email database.

We’ll also take a look at some of your other marketing activities, like email newsletters, online surveys and any other places you might be storing personal data. Finally, we’ll supply you with a list of good practices that will help you maintain your GDPR compliance in general.

At the end of the session, you’ll be emailed a report detailing suggested changes to make to your website to ensure your GDPR compliance. You can then take this to your web developer to make those changes.

You’ll also receive a £10 voucher to spend with Candid Creative Studio to make those changes to your website, subject to a separate quote.

If you have any questions, please send an email to

Book your audit session

These sessions are charged at £70 per session.

25% discount for all Candid clients.

Free website-only audit for websites build by Candid.

Once you make your booking, you’ll shortly receive an invoice that must be paid before your session.

What Candid is doing to be compliant

We’ve been working hard over the past few weeks and months to make sure Candid will be GDPR compliant by 25 May 2018.

We have been talking to our hosting companies to ensure they’re ready. We’ve been talking to our printing companies to make sure that artwork we send for printing is deleted once the job is completed. We’re busy re-gaining consent for our email newsletters. And we’ve been making sure that our staff know the implications of the new law on their work.

If you’d like to know more about what we’re doing, please send an email to