GDPR - What you need to know

Today the new General Data Protection Regulation (GDPR) comes into effect across the UK, replacing the Data Protection Act, and essentially making it much simpler for people to know the kinds of data held about them by companies, and how that data is used. Crucially, it also allows people to withdraw consent – particularly in terms of unwanted marketing communications – at any time. This means that from now on, you have the power to decide what kind of messages you receive and also how to stop anyone using your data if they are doing so against your wishes.

Despite the fact that it has caused a big headache for companies around the country for the last few months, it’s actually a really good thing. It gives control back to the people and means companies can’t get away with unwarranted behaviours which use your personal data in ways you wouldn’t like.

We’re pleased to let you know that Stage Invaders is already fully GDPR compliant. This includes implementing an updated Privacy and Cookie notice so that website visitors are fully aware of their rights, and we have updated our data storage methods so that any information we hold (whether that be people who have signed up to our newsletter, or existing customer information) is stored securely in encrypted databases to which only Stage Invaders staff have access.

Dragon in Cave Entrance GDPR.jpg

If you have any questions about GDPR and how we use your data, please email You can also submit a Subject Access Request to us at any time, which means we must disclose to you any information we hold regarding your personal details.

Whilst this isn’t exactly a fun blog piece, it is very important for us to let you know that we are taking the GDPR seriously, and have implemented its principles across our website, and within our data handling practices.


Here are some handy GDPR FAQs for anyone still unsure about the new legislation:

What is GDPR?

The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It comes into effect on 25 May 2018.

Who does GDPR apply to?

The GDPR applies to any organisation that handles personal data.

What information does the GDPR apply to?

The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

Personal data includes but is not limited to; any information that can identify an individual, such as  email addresses, telephone numbers, photos and home addresses.

What are the key principles of GDPR?

Article 5 of the GDPR states that personal data must be:

• Processed lawfully, fairly and in a transparent manner

• Collected only for specified, explicit and legitimate purposes

• Adequate, relevant and limited to what is necessary

• Accurate and kept up to date

• Held only for the absolute time necessary and no longer

• Processed in a manner that ensures appropriate security of the personal data

What rights will I have under GDPR?

Under certain circumstances, by law individuals have the right to:

• Request access to their personal information (commonly known as a data subject access request).

• Request correction of the personal information that The Avalon Group holds about an individual.

• Request erasure of personal information.

• Object to processing of an individual’s personal information where the organisation is relying on a legitimate interest (or those of a third party) and there is something about the individual’s particular situation which makes them want to object to processing on this ground.

• Request the restriction of processing of their personal information.

• Request the transfer of their personal information to another party.

What is a Privacy Notice?

A privacy notice is a statement that tells individuals how The Avalon Group collects, uses and discloses personal data about the individual.

What is a Subject Access Request?

A Subject Access Request is a request by an individual for the information they are entitled to under GDPR. The Avalon Group has one month to respond to this request.

How do individuals find out more about GDPR?

More detail regarding the GDPR can be accessed at the website of the Information Commissioners Office (ICO), or by contacting the ICO by telephone at 0303 123 1113.

Now that’s all out of the way with, click HERE for some fun stories and music!