Merrehill | GDPR

What is the GDPR?

The General Data Protection Regulation is a European Union law. It was enacted in April 2016 and in force across the European Union from 25th May 2018, as well as in other jurisdictions that have adopted it. The GDPR represents the most comprehensive change to data protection law in Europe in over 20 years. It brings improved rights for individuals whose personal data is being stored and used by businesses, charities and governments. This places upon those organisations the obligations of transparency and accountability. They must bring the law in line with today's digitally connected society.

How does Merrehill provide GDPR Compliant Email Marketing?

Merrehill takes legal compliance seriously. We hold the concepts of personal privacy and fairness as significant as well as open communication in business. So, we want to make sure that we keep providing you, our customers with fully GDPR Compliant Email Marketing. We already take steps to ensure that the business-to-business marketing campaigns we design and run on behalf of our clients are compliant with existing business disclosure rules. Furthermore, we ensure we deliver them in accordance with The Privacy and Electronic Communications (EC Directive) Regulations Act 2003, also known as “PECR”. We are registered as a data controller with the UK’s Information Commissioner’s Office (ICO). This means that until the commencement of the GDPR, we have been operating in accordance with the Data Protection Act 1998.

Our new Processes, Policies and Agreements

Since 25th May 2018, Merrehill has been applying new processes and policies in line with the GDPR. We will continue to document and review any such processes and policies which relate to data protection and privacy law. By doing so, we ensure we maintain pace with updated guidance, statutory amendments and case law. We are continuing to offer our clients business-to-business, GDPR Compliant Email Marketing campaigns, including prospective lead generation campaigns.

With this in mind, we have balanced the legitimate interests of our business and our clients with the fundamental rights and freedoms of data subjects as contained not only in the GDPR but in the European Convention on Human Rights and Human Rights Act 1998. This ensures that we respect both commercial interests and individual privacy. To make certain that our relationships with clients, suppliers and partners remain compliant where personal data is transferred between organisations, we have put in place new agreements in line with the GDPR and ICO guidance. On top of this, we have developed new, internal procedures. These are in place to maintain information security and eliminate or reduce the risk to individuals whose data is being stored or used.

How do I exercise my data subject rights with Merrehill?

We have appointed a Data Protection Officer (DPO). This officer acts as a single point of contact for the ICO, data subjects and members of staff in all matters relating to data protection compliance. As well as by letter, anyone can contact our DPO by sending an email to or by telephone on 01625 800 586.