Introducing the GDPR
The General Data Protection Regulation (GDPR) came into force on 25 May 2018. It updates the law on data protection, and affects all organisations that control or process personal data. That could be customer records, employee data - basically any data that relates to an identifiable natural living person.
The Information Commissioner's Office (ICO)
The ICO is the UK's body responsible for upholding information rights in the public interest. Part of their role is to ensure organisations meet their information rights obligations, and to provide information (and enforcement) to support this. They're the 'horse's mouth' on GDPR. Some useful resources you should look at:
Guidance on the GDPR - this guide explains the legislation and has links to checklists for businesses.
GDPR Checklist - takes you through the steps you need to take to make sure you're compliant.
PECR - Privacy and Electronic Communication Regulations - this guide covers marketing, and topics like opt-ins, consent to marketing, etc. It covers the distinctions between marketing to consumers and businesses. It can help you clarify the basis on which you're processing data for marketing purposes, and check whether or not this is legal. There are some indications that these guidelines will be updated in light of the GDPR; for the time being, however, they provide a useful guide and up-to-date information.