Getting Ready for GDPR

The General Data Protection Regulation (GDPR)

What it is, what we are doing, and what you can do.

The GDPR will become enforceable on May 25, 2018, and will set a high bar for global privacy rights and compliance. We are actively preparing our business and compliance processes for the GDPR to take effect, and this guide is intended to help our customers do the same.

Please note that this guide is for informational purposes only, and should not be relied upon as legal advice. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to your organization.

What is the GDPR?

By now, you have likely heard of the GDPR: the General Data Protection Regulation, a European privacy law approved by the European Commission in 2016. The GDPR will replace a prior European Union privacy directive known as Directive 95/46/EC (the “Directive”), which has been the basis of European data protection law since 1995.

A regulation such as the GDPR is a binding act, which must be followed in its entirety throughout the EU. The GDPR is an attempt to strengthen, harmonize, and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and eliminate personal data. It will have a significant impact on businesses around the world.

When does it come into effect?

The GDPR was adopted in April 2016, but will officially be enforceable beginning on May 25, 2018. There will not be a “grace period,” so it is important that organizations impacted by the GDPR get ready for it now.

Who does it affect?

The scope of the GDPR is very broad. The GDPR will affect (1) all organizations established in the EU, and (2) all organizations involved in processing personal data of EU citizens. The latter is the GDPR’s introduction of the principle of “extraterritoriality”; meaning, the GDPR will apply to any organization processing personal data of EU citizens—regardless of where it is established, and regardless of where its processing activities take place. This means the GDPR could apply to any organization anywhere in the world, and all organizations should perform an analysis to determine whether or not they are processing the personal data of EU citizens. The GDPR also applies across all industries and sectors.

There are a few definitions that will aid the understanding of the GDPR’s broad scope.

What is considered “personal data”? Per the GDPR, personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual. Consider the extremely broad reach of that definition. Personal data will now include not only data that is commonly considered to be personal in nature (e.g., social security numbers, names, physical addresses, email addresses), but also data such as IP addresses, behavioral data, location data, biometric data, financial information, and much more. This means that, for MailChimp users, at least a majority of the information that you collect about your subscribers and contacts will be considered personal data under the GDPR. It’s also important to note that even personal data that has been “pseudonymized” can be considered personal data if the pseudonym can be linked to any particular individual.

Sensitive personal data, such as health information or information that reveals a person’s racial or ethnic origin, will require even greater protection. You should not store data of this nature within your MailChimp account.

What does it mean to “process” data? Per the GDPR, processing is “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.” Basically, if you are collecting, managing, using or storing any personal data of EU citizens, you are processing EU personal data within the meaning prescribed by the GDPR. This means, for example, that if any of your MailChimp lists contains the email address, name, or other personal data of any EU citizen, then you are processing EU personal data under the GDPR.

Keep in mind that even if you do not believe your business will be affected by the GDPR, the GDPR and its underlying principles may still be important to you. European law tends to set the trend for international privacy regulation, and increased privacy awareness now may give you a competitive advantage later.

How is the GDPR different from the Directive? How are obligations changing?

While the GDPR preserves many principles established by the Directive, it introduces several important and ambitious changes. Here are a few that we believe are particularly relevant to MailChimp and our customers:

1. Expansion of scope: As mentioned above, the GDPR applies to all organizations established in the EU or processing data of EU citizens, thus introducing the concept of extraterritoriality, and broadening the scope of EU data protection law well beyond the borders of just the EU.

2. Expansion of definitions of personal and sensitive data, as described above.
3. Expansion of individual rights: EU citizens will have several important new rights under the GDPR, including the right to be forgotten, the right to object, the right to rectification, the

right of access, and the right of portability. You must ensure that you can accommodate these rights if you are processing the personal data of EU citizens.

• Right to be forgotten: An individual may request that an organization delete all data on that individual without undue delay.

• Right to object: An individual may prohibit certain data uses.

• Right to rectification: Individuals may request that incomplete data be completed or that incorrect data be corrected.

• Right of access: Individuals have the right to know what data about them is being processed and how.

• Right of portability: Individuals may request that personal data held by one organization be transported to another.

4. Stricter consent requirements: Consent is one of the fundamental aspects of the GDPR,

and organizations must ensure that consent is obtained in accordance with the GDPR’s strict new requirements. You will need to obtain consent from your subscribers and contacts for every usage of their personal data, unless you can rely on a separate legal basis, such as those found in number 5 below. The surest route to compliance is to obtain explicit consent. Keep in mind that:

• Consent must be specific to distinct purposes.
• Silence, pre-ticked boxes or inactivity does not constitute consent; data subjects must explicitly opt-in to the storage, use and management of their personal data.
• Separate consent must be obtained for different processing activities, which means you must be clear about how the data will be used when you obtain consent. 5. Stricter processing requirements: Individuals have the right to receive “fair and transparent” information about the processing of their personal data, including:

• Contact details for the data controller, which we will explain in more detail below.
• Purpose of the data: This should be as specific (“purpose limitation”) and minimized (“data minimization”) as possible. You should carefully consider what data you are collecting and why, and be able to validate that to a regulator.
• Retention period: This should be as short as possible (“storage limitation”).
• Legal basis: You cannot process personal data just because you want to. You must have a “legal basis” for doing so, such as where the processing is necessary to the performance of a contract, an individual has consented (see consent requirements above), or the processing is in the organization’s "legitimate interest.”

There are many other principles and requirements introduced by the GDPR, so it is important to review the GDPR in its entirety to ensure that you have a full understanding of its requirements and how they may apply to you.

Does the GDPR say anything about cross-border data transfers?

Yes, the GDPR contains provisions that address the transfer of personal data from EU member states to third-party countries, such as the United States. The GDPR’s provisions regarding cross-border data transfers, however, do not radically differ from the provisions in place under the Directive. The GDPR, like the Directive, does not contain any specific requirement that the personal data of EU citizens be stored only in EU member states. Rather, the GDPR requires that certain conditions be met before personal data is transferred outside the EU, identifying a number of different legal grounds that organizations can rely on to perform cross-border data transfers.

One legal ground for transferring personal data set out in the GDPR is an “adequacy decision.” An adequacy decision is a decision by the European Commission that an adequate level of protection exists for the personal data in the country, territory, or organization where it is being transferred. The Privacy Shield framework constitutes one such example of an adequacy decision. MailChimp participates in and has certified its compliance to the Privacy Shield framework, and we are committed to treating all personal data received from EU member countries in accordance with the Privacy Shield framework’s applicable principles.

What does this mean for you? Generally speaking, it means we expect that MailChimp’s EU customers will be able to continue to rely on MailChimp’s Privacy Shield certification in order to transfer their lawfully obtained personal data to MailChimp under the GDPR.

Do you need to comply with the GDPR?

You should consult with legal and other professional counsel regarding the full scope of your compliance obligations. Generally speaking, however, if you are an organization that is organized in the EU or one that is processing the personal data of EU citizens, the GDPR will apply to you. Even if all that you are doing is collecting or storing email addresses, if those email addresses belong to EU citizens, the GDPR likely applies to you.

What happens if you do not comply?

Non-compliance with the GDPR can result in enormous financial penalties. Sanctions for non-compliance can be as high as 20 Million Euros or 4% of global annual turnover, whichever is higher.

Source: Mailchimp - Our official Email Campaign manager. 

We Are Recruiting!

We are recruiting a Graphic Designer / Front end web developer.

Due to an increasing amount of Graphic Design and Website Design work here at XA Digital we are looking for someone with All round skills with an eye for detail that can help to create designs for Online and Offline purposes.
The role will be a senior role or training can be given to reach this stage.
Salary is flexible based on the candidate and skill set. We are a small team that has big growth plans for 2018 and many exciting adventures along the way.
Bonuses, Great Company Benefits and more.
Adobe Creative Suite
WordPress (optional)
Microsoft Office
Other Design Platforms
Please send your C.V to 

XA Digital Welcomes On-Board Folkington’s.

We are thrilled to welcome on-board Folkington's.

Folkington's are a Sussex based company which produces fruit juices, drinks and mixers that have unique provenance and authenticity.

They required a agency to redevelop & design their current website, design adverts for press, manage their social media accounts & to assist with photography & online sales.

Stay tuned for their new website launching soon!

We Have A New Office!

Due to expansion we are excited to announce we have decided to relocate to a larger office.

We are now situated at The Beehive, City Place, Gatwick, West Sussex, RH6 0PA.

Make sure to come say hello!

XA Digital Welcomes On-Board Lith-Tech.

We are pleased to announce we have welcomed on board Lith-Tech.

Lithtech are a team of passionate and fun loving people. They love tech and know that transport and electric powered machines are the future of the modern world.

Lithtech  required a Surrey / Sussex web design agency to fulfill their requirement of a mobile responsive attractive website for their business.

If you are interested in our web design packages please give us a call on 01293 852777.

XA Digital Welcomes on-board DTS.

We are pleased to announce we have welcomed on board DTS. DTS is a privately owned Independent company providing a diverse range of Freight Forwarding solutions to anywhere in the world.

DTS required a Surrey / Sussex web design agency to fulfill their requirement of a mobile responsive attractive website for their Freight forwarding solutions business.

If you are interested in our web design packages please give us a call on 01293 852777.

Included Laundry Goes LIVE!

Our web team have been hard at work putting LIVE one of our new clients website.

Included Laundry required a Surrey / Sussex web design agency to fulfill their requirement of a mobile responsive attractive website for their laundry business.

You can view their website here

SSL Certificates.

What is SSL?

What is SSL, exactly? “SSL” is short for Secure Sockets Layer. In simpler terms, it is how businesses communicate with customers that they can browse, buy products or services, and share information safely with you online. Without getting overly technical, adding an SSL creates a safe connection for those kinds of activities.

Think of an SSL certificate as a giant windshield for when you drive your car.

In much the same way, an SSL certificate protects your site — and its visitors — from many digital bugs & other nasty web creatures.

Before quickly dismissing your site as “too small to be a target,” bear in mind that most interceptions are done electronically without a human deciding who is attacked. No site is too small to get hacked.

A web bug doesn’t care how big you are or what you do for a living. They have one goal, and that is to find vulnerabilities. Once discovered, its dirty work begins.

We are offering all of our customers the opportunity to activate a SSL certificate for their website. We feel it is imperative.Get in touch today on 01293 852777.

We now offer digital training courses!

We are pleased to be able to offer digital one to one training here at our picturesque offices in Sussex.

Our team of highly specialised individuals are able to guide you in all of aspects of digital marketing from;

Google adwords
Web build & maintenance
Social media management & advertising.
Email marketing

Courses start from just £150. Get in touch today to see how we can help you.

Recent Changes to Google Adwords

A big recent change to Google AdWords will dramatically change the way you optimize your campaigns. Specifically, the change is impacting view-through conversions (VTC). This may seem like an overly technical thing that most Google advertisers may have never even heard of, but it is actually something useful for campaigns of all sizes. We all know what a conversion is. People buy something on your website or fill out a form -- Google AdWords sees that as a conversion.

For the sake of making this simple, every conversion is a product purchase. View-through conversions are nearly the same as a regular conversion except that right before buying, people saw an ad, didn’t click on it but bought the product anyway. In other words, with VTC, people buy after seeing an ad but not clicking on it. That’s the main difference between a VTC and a regular conversion. In regular conversions, a click is a necessary for it to count.

1. VTCs give you more accurate ROI calculations.

If you can use VTCs to determine whether a keyword or an ad is converting well, you might end up having more conversions in your account at the end of the day. The cost per conversion will be lower, and the margin calculation will be different. The calculation that you use to allocate how much you want to spend in advertising will be different as well. This is important for ROI because in the end, it will determine how much you spend during the campaign.

2. The new model actually makes sense to have it in your calculations.

Because it’s not 30 days, now it directly correlates to the work you are doing in advertising. Not only is it much more relevant, it would be a mistake not to include it because it’s a direct consequence of the adwork that you are doing.

3. Mobile to desktop or vice-versa? You can tell!

By including VTCs in your campaigns, you will be able to see, for example, whether somebody is converting from a desktop after they saw an ad on mobile without clicking the ad. Google has launched cross device conversion tracking so if you click on mobile but buy on desktop, they can still track the conversion. This change allows businesses to track conversions across devices.

4. You won't doubt your keywords again.

Keywords that you may be underestimating in terms of importance may be just the ones that bring you business. VTC data gives you the opportunity to evaluate things at a much

5. Display ads may be a wise branding move.

Because they are getting VTCs, but not direct conversions, it may be a good idea to keep placements running even though they don’t get that many clicks. They are helping you increase the overall amount of sales.

Overall, VTCs will definitely help businesses. You'll have a competitive advantage when it comes to getting better conversions at a lower cost.

Get in touch today here to see how we can help with your google ad words campaign.

Julavie Launches at Harrods.

We are absolutely thrilled that our client Julavie is now available in Harrods Knightsbridge.

With a touch of a button, it uses three tons of force to juice fruit in 90 seconds with the aid of a smart function designed to only start juicing when the lid is closed.

With a wide mouth design, the juicing bag fits perfectly and ingredients never touch the machine, leaving you with instantly fresh juice without the hassle of extra cleaning. Presented in a range of three colours, it is the only juicer you require.

You can view the product here.

Transformation Kitchen goes LIVE!

Our web team have been hard at work putting LIVE one of our new clients website.

Transformation kitchen required a Surrey / Sussex web design agency to fulfill their dream of providing a full service health and fitness company. Our team also designed their logo and manage their social media platforms.

Transformation Kitchen & Fitness Co is bought to you by a community of similarly minded individuals whose experiences and beliefs extend across the well-being world.

You can view their website here >

We Are Recruiting!

We are on the look out for a brand new team member!

We are looking for a individual with creative (adobe skills), hard working, passionate and an all rounder looking to join a fast expanding agency. We will be Interviewing asap.

Get in touch by email

We look forward to hearing from you!


Why you need a new website this year!

The digital world has seen the rise and fall of many local and world-wide businesses who have either not followed the curve or ignored the great digital movement. We want to stop that. 

Has your business made this crucial step yet? To go mobile and go digital. If not, why not?

A new website can not only give you an excuse to re-launch your business but it also means that you can show it off more.

We all know that a business is hard to run at the best of times, but what if customers can't find you online or even know what your latest offerings are?

We can help you to not only build, but to maintain and utilise your website and marketing on and offline so that your business can speak louder than ever before.

Cost, we hear you say? Well at XA Digital our first thought when creating the business, was, how much can a business really afford to invest in their website and even more, marketing when there is so much you can do.

We came up with a plan, monthly costs tat spread any larger cost over a time period of 12 months. Not only does it save you money but allows you to package up our services and save money on a bulk buy scheme which can only be a good thing for the momentum and effect of your marketing and online presence.

A strong digital platform gives you that sense of freedom, don't ignore it. Use it. Give us a call or email and go from there.

We will guide you though the options and help you to see what is or what isn't worth your money or time.

Don't forget to market your business even when you are busy. Sometimes that is the worst time to stop communicating to your customers. You may not be so busy at some point and need that database, social following or website to get them back.

EET App Acquisition

Today XA Digital are proud and excited to announce the partial acquisition of the innovative reservations widget EETAPP.

XA Digital are incredibly pleased to be involved with such a ground breaking company and are looking forward to introducing the future of reservations to the UK and global markets.

EET is a website widget currently helping the hospitality industry to control last minute bookings and to show automated availability online. Many restaurants, pubs and cafes leave walk in availability free for lunch and dinner services which isn't available to book in advance. The widget offers businesses the chance to convert online traffic into bookings when they are browsing the site and may want to pop in without a booking, the live availability gives them the information they need at the click of a button and without hassle.

The new acquisition also coincides with XA Digital's office expansion, placing growth as our firm priority for the upcoming business years. We look forward to welcoming more staff and increased productivity in 2017.

As a result of our growth, this has allowed XA Digital to expand into offering new services such as copyrighting and print design. Services which we look to be offering new and existing customers in due course.

XA Digital are one of Horsham’s leading digital agencies and their clients include Restaurant Tristan and The Dragon - Colgate. If you require anything digital the XA Digital team are always there to help. Get 10% OFF services quoting EET.

Contact XA Digital for any queries with the EET widget or our new digital and print services at: 01293 852777 or


See for more information on this fantastic product!

We love our NEW Horsham office!

We love our NEW Horsham office!

We have officially settled in to our cozy new Horsham office and are ready to take on opportunities in new emerging markets!

If your business needs a new website, or perhaps even a marketing strategy our friendly team are here to help.

At XA Digital we are a marketing agency that thirsts for new challenges. Proud to be specialising in Website Design, SEO, Graphic Design, Marketing, Photography & Social Media strategy.

If this suits your business, feel free to call us for a free enquiry: 01293 852777

XA Digital are confident about Brexit and their clients

Brecession or no Brecession that is the question?

Yes we meant Brecession.

With the recent news about the decision the country took to leave the EU. Here at XA Digital we analysed the effect it would have on our business and our clients too.

Brexit has sparked panic in the Pound and madness in the markets amid fears a recession will hit the UK. This is a daunting thought after 2008-11 left all businesses slightly worn out and many closing down.


Our business is a limited company with 3 very successful years under wraps. This gives our existing and new clients peace of mind when it comes to our strength and sustainability as a business. We know a lot of agencies that are not so safe and this is why we believe we make a better option for security of your website & marketing in the long term.

Do you ask your current agency about the strength of their business? Maybe it's time to do so!

With "Brexit" potentially sparking another recession in the UK and probably for the whole of Europe too it is more important than ever to keep your online and offline presence as a business strong and the momentum high. If you stay at the top of your game, you will weather the storm nicely. However if you cut out your vital marketing lifelines then you may fall flat if a recession does hit the UK.

Talk to us about your worries and the strength of your business in the coming years and we will try to guide you the best we can. Our services are designed to take the weight off your shoulders and to give life to your business from the bottom to the top.

Brexit is a time of positivity and hope that the UK can be great on its own. Let's show them.....

NYFold reaches high

Our website, branding & marketing client NYFold a pizza restaurant & delivery based in the theatre capital Soho, London is reaching the big time with a campaign partnered with Just Eat UK.

Just Eat recognised the restaurant due to there outstanding web presence, strong brand, ethics & great offering.

We were pleased to help raise the awareness of the brand and to also create the partnership for the campaigns.

NYFold can be found at 

Want great marketing for your restaurant? Call us at XA Digital

Merry Christmas Digital Style

Merry Christmas & a Happy New Year from us at XA DIGITAL, What a 2015 it has been, thank you to all of our customers, friends, staff and family for a wonderful year and a creative feast.

For all of your 2016 Website Design, Marketing, Creative Design and Digital needs give us a call from January 4th and let's talk.

Josh, Emma & Pablo

Working with hospitality businesses

We have been working with over 80 hospitality businesses for over 3 years and have found that many issues confront them in the digital and non digital world.

While sticking to our standard knowledge, we have adapted and changed the way we work with the industry to constantly gain control over a changing market and digital platform.

The purpose of digital for hospitality has become more and more a necessity of which has been ignored by over 70% of the industry until now.

We have strived to help those who has put marketing, websites, photography and social media on the back foot and that have forgotten to grow with the times.

It's not easy, we know that, that is why we help from the bottom upwards and start with the basics. Why do you need such platforms and strategies in place?

The answer is simple, because your competitors have it, or they will very soon. Don't get left behind...

Whether you are a hotel, restaurant, pub, cafe or street food vendor you need to be seen online, active online and most of all, part of the future. Otherwise customers will forget you in the ever growing mess of digital content.

If you want to know more about our one to one service and the relationships we build with our clients just give us a call on \

08445679005 or contact us via email at


Digital Marketing

Here at XA Digital we offer a full Digital marketing package. Starting at the basic analysis of your current marketing we build a comprehensive marketing plan that will encompass all available and relevant tools that we think your business should explore.

Email Marketing  - (e-shot)

Social Media Management / Marketing  - (Twitter, Facebook, Pinterest, Instagram, LinkedIn, Google Plus)

SEO  - (natural online search)

PPC  - (Paid online advertising with google or Social channels.)

Re-Marketing - (Further online ads that target your customers after they visit your site.)

Print Design - (Print that wows and captures, we design and print your needed artwork and campaigns)

Strategy & Consultancy - (ideas, PR guidance, Gorilla marketing, campaigns & business analysis)

Get in touch today to see how these services can help you. 

Remember, at XA we do it all, we do it well, we do it with you.


Food Photography – Why us?

I have been shooting food since i was old enough to make it. After spending years as a child cooking with my mother and attempting to become the next (Jamie Oliver) i found that my love of food could be a career choice at some stage. I studied food technology and got an A. Maybe cooking was in my blood?

I studied Music and Photography at college (A Level) with a very average result and a lack of direction going forward.

I then applied for a TV show called Rosemary Shragers - School for cooks. I got on, i did not expect that at all.

After being told that i had not made the next round i focused on other things for a few years so i was able to get by and find my calling.

I met my future mentor at a family BBQ and then my food world was blown open.

I started working as an apprentice chef under the renowned Scott Hallsworth Formerly trained by Nobu Matsuhisa himself.

This was the beginning of a 2 year battle to learn and to master Japanese cuisine. Not easy, but i gave it a good shot and became Chef De Partie within a year and controlling the busy Robata Grill section.

Here comes the best part, i got to shoot the food at the restaurant i worked at for their marketing and website platforms. The current photographer just did not understand food and how it should be shot.

The shoot went well and my shots became the essence of the restaurant and the website looked fantastic. I fell in love with combining my cooking and photography skills so wanted to build up a portfolio, so i did.

Shooting for many local pubs and restaurants i found that they also required help with website design, marketing and various other "techy bits" that i seemed to have a little knowledge about so i offered to help out.

With the client base building up i started a Digital Agency with some help from friends and family.

My food photography went from strength to strength and i found that i was enjoying it too.

I love to create a sense of reality with y photographs and not to fool or perceive fakery with the product i am shooting.

Customers want to see great food but real food also. So that is how i shoot.

I work with over 50 restaurants and pubs around the UK and i believe that my images have a great quality and feel about them.

If your business is looking for that extra touch and a photographer who knows your industry then give me a call.

I look forward to speaking with you.



Director of XA DIGITAL    /  In - House Food Photographer

XA Digital Help NY FOLD London

XA Digital have taken on the brand new pizza restaurant in London's Hip SoHo area.

The award winning, incredible tasting, obsessively authentic New York style pizza.

NY Fold required the help of XA DIGITAL to sort their SEO ranking and PPC advertising campaigns out.

We are also designing and building a brand NEW website for the brand to launch September 2015

We have just started and will update you on the progress soon.

Check out their new website created by XA DIGITAL here

Contact XA

Visit us: Unit 126, 3 Churchill Court,
Manor Royal,
Crawley, RH10 9LU
Call: 01293 85 2777
Company No. 08558997
VAT No. 164 1850 13

Recognised Online:


Let’s Tweet