Start Your Project

Clear Vertical’s GDPR Statement

A new EU regulation will soon come into effect that will impact how all organisations collect and process people’s personal data. The General Data Protection Regulation will become law on 25th May 2018.


As we approach May 2018, Clear Vertical is focused on GDPR compliance efforts. During our implementation period for the Regulation, we are evaluating new requirements and restrictions imposed by the GDPR and will take any action necessary to ensure that we handle customer data in compliance with applicable law by the 2018 deadline. Our clients will receive updated terms of business based on changes that we’ve implemented and this will be rolled out, early in 2018.

Clear Vertical has opted for third party cloud based solutions, all with restricted access to client data by our employees. Our emails and website are also encrypted for extra safety. As a company, we hold very little personal details on our clients making for a smooth transition for when GDPR arrives and takes full effect.

For more information on how it affects your business marketing to prospects, both digitally and through traditional methods, please see our sister company’s GDPR page:

Further GDPR regulations can be found on our Privacy Policy page:

For more information on GDPR or our data collection policy, please email

Compliance Countdown
  • 00 days
  • 00 hours
  • 00 minutes
  • 00 seconds

Frequently Asked Questions

What Is the GDPR?

In May 2018, the General Data Protection Regulation (GDPR), introduced by the European Union, will come into effect.

The General Data Protection Regulation (GDPR) is the result of 4 years of work by EU member states to address new data threats. As compared with the Data Protection Act, it introduces stiffer fines for companies which are not compliant and gives consumers greater control over the ways in which their personal data is being used. In addition, it makes these new protection rules consistent throughout the EU.

Is Your Business Prepared for GDPR?

Although GDPR went into effect in May 2016, EU businesses (including those in the UK) have until 25 May 2018 to be compliant. According to research from ITPRO, although the majority of IT security professionals in the UK know about the new legislation, only 43% are assessing the impact it will have on their companies or taking the necessary steps to prepare for its arrival.

What Are the Penalties for Non-Compliance?

It’s important for businesses to understand that the penalties for non-compliance with the provisions of GDPR are substantial. According to Imperva, regulators can impose administrative fines up to an amount that is the greater of €10 million or 2% of annual revenues for non-compliance with “technical measures” (like impact assessments and breach notifications). Those fines increase to the greater of €20 million or 4% of global annual turnover for non-compliance with “key provisions” of the GDPR.

How Can Businesses Ensure Compliance?

To protect your customers’ personal information and avoid penalties, your organisation needs to take the steps necessary to ensure compliance, including the following 4:

  1. Perform a compliance audit: it’s important to understand the legal framework of GDPR and to audit your current IT practices as they relate to that framework. You can, for example, hire a data protection officer (who has both a legal and technology background) to help your business understand the new regulations and create a compliance plan to be completed prior to the May 2018 deadline.
  2. Create a data register: if a breach occurs during the early stages of implementation, your organisation will need to demonstrate the steps you’ve taken to achieve compliance. The best way to do that is by maintaining a careful record of those steps in the form of a data register (basically, a “GDPR diary”). This record provides some degree of legal cover.
  3. Complete privacy impact and data protection impact assessments: this step involves evaluating the way personal data is produced and protected. You should ask why each piece of data is being collected and whether it’s necessary for your business. You should also assess your current security policies and data protection strategies (for example, are you protecting data through encryptions or tokenisation) as they relate to the rights of your users and the provisions of the GDPR.
  4. Revise and repeat the process: you can’t assume that your first pass will identify all potential security threats to protect your customers’ personal information. For that reason, it’s important to repeat the process to identify and revise anything you missed in the first go-round.
Brexit & GDPR

Brexit has no effect on the need for UK businesses to comply with GDPR. The UK Government published the draft Data Protection Bill 2017 in September 2017, and this brings into UK law all of GDPR and alters some key parts on things like the age of minors included. There are no material changes or exclusions from the full EU version and so no time should be lost in starting the journey to GDPR compliance.