General Data Protection Regulation (GDPR)

Data protection in Europe is about to change significantly. The General Data Protection Regulation is coming into force on the 25th May 2018 and will apply to all businesses and organisations that collect, process or transfer personal data of those within the EU.

What is GDPR?

The General Data Protection Regulation (also known as GDPR) is a new set of rules designed to give people more control over what companies can do with their data. It will replace the current 1995 EU Data Protection Directive.

The regulation states that data must be processed lawfully, transparently and for a specific purpose. People have a right to know what data a company holds on them, why that data is being processed, how long it is stored for and who gets to see it. Organisations have a responsibility to ensure that personal data is collected and processed legally. Personal data under the GDPR is defined as any information that can be used to identify a person including names, addresses, emails, phone numbers, photos, etc. This has now been extended to digital identifiers such as IP addresses, cookie IDs, digital fingerprints, etc.

GDPR will also introduce tougher fines for non-compliance and data breaches. The new law creates a much higher standard that businesses can be held to, with large fines of up to €20m or 4% of annual global turnover.

How is Hayward Miller compliant?

Over the past year, we have made it our task to ensure the necessary steps are in place to protect personal data and to comply with the upcoming regulation. This has taken the efforts of all HML employees, who have put processes and procedures in place to make sure we are meeting our legal obligations.

Below are some of the things we have done to ensure we are ready for the GDPR.

Personal Privacy

At Hayward Miller, we have always taken data protection seriously and we pride ourselves on taking proactive steps to ensure your data is secure. All data is processed by Hayward Miller staff in the UK and is not sold on to third parties. We only use your information when required and retain it for as long as it is needed to complete our work; when that requirement has been fulfilled, the information is deleted.

Opt In & Opt Out

We make it easy for you to opt in and out. The GDPR gives individuals greater control over how companies use their personal data. Our procedures make sure we only contact you when we have consent to do so. If, at any time, you no longer wish to receive communication from HML, you can unsubscribe. All withdrawal of consent requests are dealt with within 24 hours.


We have a Privacy Policy in place which is reviewed regularly. This tells you how we use your data and what your options are regarding our communication with you. We also have a Data Breach Response Policy in effect. This states the processes involved in the event of a breach. Should there ever be a data breach or suspected data breach, our first priority will be to inform our clients immediately.

Privacy Policy

Cyber Essentials

We are a Cyber Essentials certified business. This is a great way of showing that data protection is taken seriously. The Cyber Essentials certification demonstrates that we are addressing cyber security effectively and have implemented the necessary controls to protect against the most basic internet-based threats.


We organise regular training on GDPR for all our employees. This ensures that all Hayward Miller staff are aware of what the GDPR is and how it affects us, and that they follow the recently updated company procedures.

If you want to know more, visit the official EU General Data Protection Regulation webpage.