In May 2018, the Data Protection Act (DPA) will be replaced by the EU’s General Data Protection Regulation (GDPR). This more robust set of regulations will have tougher punishments for those who fail to comply around the storage and handling of personal data.

As a business dealing with data from thousands of children across the UK, Razzamataz has always been very quick to comply with the proper regulations. For individual theatre school owners, the onset of new laws could be a minefield of difficult information to process.

For Razzamataz theatre school owners, the benefits of being part of a large network gives them access to a dedicated resource where they can learn about how the changes will affect them, what they need to do to comply and how to protect the children in their care.

“We have started preparation for GDPR already so we have plenty of time to make sure our Principals are fully up to date when the new regulations come into force in May,” explains Denise Hutton-Gosney, MD and Founder of Razzamataz. “We have written policies and procedures, have had live webinars and will be dedicating some time to this at our annual Conference.”

The collection of personal data over the years has been commonly used for a wide range of areas in business. Everything from sales through to marketing and customer management. If not handled properly, it can fall into the hands of cybercriminals giving them access to names, birthdates and addresses.

Small business are also more likely to be targeted by cybercriminals according to a report from the Federation of Small Businesses (FSB). Many experts believe that the overhaul and introduction of the GDPR is well overdue and failing to comply because you don’t understand the new changes will not be a defence if found wanting.

Under the new regulations, companies must be clear on how personal data is used, limit how long it is held, secure its storage, and have express consent to contact the customer for other purposes such as marketing. Individuals can withdraw consent too, so its important to know your obligations. In the event of a data breach, GDPR forces companies to inform relevant authorities within 72 hours, giving full details of the breach and proposals for mitigating its effects.

There are many other new rules making the new GDPR a demanding process for any company. The experts warn that planning for all the changes will take time so businesses should be preparing well in advance.

“We appreciate that having the data of individuals, especially children, is a huge responsibility and we welcome the new GDPR,” adds Denise. “We have experts on board that have spent a long time looking into this and giving our franchisees all the information that they need to be fully compliant in this very important area of running a theatre school.”

To be part of our network of theatre school owners with access to the latest new developments in performing arts and running a business, contact our Head of Franchise Recruitment Suzie McCafferty to find out more about opportunities. For new franchisees, Razzamataz has a special offer of just £7,995 (£2,000 saving) to launch a Razzamataz theatre school. Plus until the end of 2017, Razzamataz will pay your VAT – a saving of around £1,600 and your first term management fee is free. To find out more, contact Suzie on or call 07793 054 233.