Worried about GDPR?

Not sure what to do - or how to meet that 25 May deadline?

We can help


You don’t want to rebuild your email list from scratch.  Because you already know its value to your operation. And you recognise it as a core business asset.

The good news is you don’t have to start again.

We’ve developed a 3-step process over 3 weeks that takes away the worry and stress. We will securely copy, verify and cleanse your existing email list so your list can be fully compliant with GDPR.


Our fully GDPR Compliant Process


All you need to do is send us an Excel or csv file of your database and your logo and we will email your list once a week over three weeks giving them the option to opt in or out of your list.  The emails will feature your logo/branding and can be signed by whoever is appropriate in your company.

Week 1 – we email your whole list

Week 2 – those who didn’t respond to the first email will receive a second email

Week 3 – those who didn’t respond to either the first or second email will receive a third and final email.

We will then return the clean list to you of those who opted to remain.

WARNING: You do need to be realistic as it is very likely that your list may be significantly smaller after this process.

In order for our process to be GDPR compliant, we will not keep any of your data once it has been returned safely to you.


Prices start from £95 for up to 1000 addresses –
but don’t delay. Time is rapidly running out!

I need to comply with GDPR!

About Us

Allan Scott

Over the years Mill House Media has gathered a trusted and talented team who each bring their own unique contribution. Since 2007,  the business has focused mainly on email newsletters. This has allowed founder, Allan Scott, to acquire a wealth of experience in handling large databases for a wide range of clients and business sectors.

Sean Billings

Team member, Sean Billings, is a software engineer and has many years of experience creating new software as well as developing and supporting off-the-shelf software systems and advising clients on how to get the very best out of their technology. He has developed the proprietary fully GDPR compliant system and process for Mill House Media.

I need to comply with GDPR!



Up to 1000 emails     £95.00 per email list

Up to 2500 emails     £145.00 per email list

Up to 5000 emails     £195.00 per email list

Up to 10000 emails   £245.00 per email list

10000+             POA

Prices are based on ‘clean’ lists that have been used to send out an email within the last three months. We can assist with cleaning an older list, but will usually need to make an additional charge – prices on application.

We are happy to use your wording on any of the emails, however, there will be an additional charge of £15.00 per email for customisation (over and above simple branding).

Larger lists may take longer to process.

Payment is required when you send your email database list to us.

I need to comply with GDPR!

Frequently Asked Questions

What is GDPR?

GDPR – which stands for General Data Protection Regulation – was developed by the European Parliament and aims to strengthen data protection laws for individuals within the European Union. It is designed to simplify and unify data protection laws across all countries in the EU.

The regulation becomes enforceable on 25 May 2018, at which point businesses need to ensure they are fully compliant, or they risk incurring hefty financial penalties. Far from being simply a tick box exercise, complying with GDPR requires planning and in some cases, a complete change in processes and procedures. Taking action well ahead of the deadline is therefore vital.

What are the penalties for not being GDPR compliant?

The GDPR imposes stiff fines on data controllers and processors for non-compliance.

If a firm infringes on multiple provisions of the GDPR, it shall be fined according to the gravest infringement, as opposed to being separately penalised for each provision. (83.3)

However, the above may not offer much relief considering the amount of fines possible:

Lower level

Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:

  • Controllers and processors under Articles 8, 11, 25-39, 42, 43
  • Certification body under Articles 42, 43
  • Monitoring body under Article 41(4).


Upper level

Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:

  • The basic principles for processing, including conditions for consent, under Articles 5, 6, 7, and 9
  • The data subjects’ rights under Articles 12-22
  • The transfer of personal data to a recipient in a third country or an international organisation under Articles 44-49
  • Any obligations pursuant to Member State law adopted under Chapter IX
  • Any non-compliance with an order by a supervisory authority (83.6).
What about Brexit?

Following Brexit, the rules will still apply in the UK, with the government planning to introduce a data protection bill that will closely mirror GDPR and its requirements.

I'm a sole trader, does GDPR affect me?

GDPR affects any business that holds or processes information about residents in the European Union.

This is true, even if the business itself is based outside the EU.

Why will my list shrink when I go through your process?

This can be for a number of reasons, particularly if you haven’t been vigilant in keeping your list up to date. It could be due to someone leaving a company, no longer being interested in your products or services, or simply apathy in not responding to the email request.

You need to have a positive opt in to continue to send emails to an address on your email list.

Can a confidentiality agreement be put in place prior to handing you my list?

Yes, we have a simple confidentiality agreement that we will sign and forward to you.

If you want a specifically tailored agreement, you will need to prepare that with your own advisors.

Is your process fully GDPR compliant?

Yes, it is and we will not hold a record of your data once it has been returned to you.