GDPR compliance and Visit Nunney


GDPR is the biggest change in data protection law in more than 20 years. Here’s what we’re doing to ensure that Visit Nunney is GDPR compliant.


GDPR stands for General Data Protection Regulation. It comes into force on 25 March 2018. It is the reason why you are currently probably getting bombarded with emails and notifications about privacy and data protection.

It’s also why you where asked to agree to our updated privacy policy when you visited this website.

Companies that don’t take action to get ready for GDPR can face hefty fines of up to 20 million Euros after 25 May.

GDPR applies to any organisation that holds or processes personal data on people who live in the EU, wherever that organisation is based and whatever its size.

That can be information on customers or employees, for example.

According to the European Commission,

“personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”

GDPR and personal data

So what does GDPR mean for you in practice? It means, for example, that companies will no longer be able to use long illegible terms and conditions full of legalese. They must be in clear and plain language.

Many companies hold highly sensitive personal information.

Some of that information you provide voluntarily, for example when you sign up for an email newsletter, loyalty card or Facebook account.

Other information is collected in less visible – and often anonymous – ways.

GDPR and Brexit

Although GDPR is legislation produced by the European Union, the British government has already decided to adopt GDPR after Brexit. So Brexit has no impact on GDPR.

The new regulation helps protect you against data breaches, for example by insisting that PCs, laptops, tablets and even mobile phones used to store personal data are encrypted.

You will also have the right to ask companies what personal data they hold on you. You can ask them to delete or correct it, if you like.

Companies will also have to delete your information when you stop being a customer (“the right to be forgotten”).

GDPR and Visit Nunney

As a smallish village website, Visit Nunney doesn’t collect much that can be classified as personal data. We don’t have accounts you can sign up for and we currently don’t even have a newsletter.

That doesn’t mean that we don’t collect any data, but most of it is not personal.

For example, Visit Nunney uses Google Analytics to help us monitor what visitors to our website – that’s you – are interested in. This means that we can produce more of the articles you love.

As a result we have seen our visitor numbers increase year on year since we launched the website in 2012. But none of the information collected by Google Analytics can be help us identify individual visitors.

Our website uses over 200 individual so-called ‘cookies’, that store bits of information to help give you an even better experience when you use our website.


From 25 March 2018 companies must ask you for your explicit consent before they can store any personal data.

That applies even to personal information that you have already voluntarily provided when you signed up to use the website or receive their email with special offers.

For Visit Nunney and most other websites it means that we must ask you to agree to our privacy policy before you can access the website. Luckily you have to do this only once.

Personal data outside the UK and EU

GDPR is also aimed at protecting your privacy and personal data when companies from outside the EU are involved.

The regulation also applies to organisations based outside the EU if they collect or process personal data of individuals located inside the EU.

With the internet being as international as it is, you may not even realise that a website is based outside the EU.

In other ways too your personal data may be handled by foreign companies. Visit Nunney, for example, uses Cloudflare, a computer service based in the US that helps us make our website much faster to load.

GDPR means that companies like Cloudflare must also be GDPR compliant after 25 May, which is reassuring.

More information

If you have any questions about GDPR and Visit Nunney, please get in touch.

Thank you for your understanding and cooperation in ensuring that Visit Nunney is fully GDPR compliant.