Published: 02 Apr 2018
Last reviewed: 16 Sep 2020

The General Data Protection Regulations (GDPR) came into force on 25 May 2018 and impacts how you collect and store people’s personal information. 

The SSA UK has developed a comprehensive guide to enable members to better understand their obligations under the GDPR. These new European wide regulations will impact how you collect, store and handle personal data from customers, the public, employees and anyone else that you keep personal data from. The Association has also developed a template privacy notice that members can implement and also some procedures that can be adopted in regards to data protection.

Members need to consider the following before collecting and storing people's personal information:

  • A data audit of their business.
  • Appointing someone to manage data.
  • Revision of their privacy policy.
  • Ensure provision of privacy policy to customer BEFORE any data is collected.
  • Understand customer rights to deletion and amendment of their data and have provisions to accommodate such requests.
  • Ensure correct consent is received if you intend to market to customers after they leave or those customers that enquire but do not store with you.
  • Understanding your legal basis for collecting data.


The privacy notice on its own can be found here.

The Data Protection Policy for members can be found here

The GDPR Guide for staff can be found here