The European General Data Protection Regulation (GDPR) is one of the latest buzz topics, but what exactly does it mean and how will it affect your business? Whether you are a large corporate or an SME, there is no escaping the fact that GDPR is coming and it is going to have an effect on everyone.
As of 25th May 2018, the regulations governing how personal data is collected and stored by organisations will change, with the aim of enforcing stronger data security and privacy rules. Organisations that are discovered to be non-compliant with the new regulations will face heavy financial penalties (up to 4% of annual global turnover or 20m euros, whichever is greater). It is therefore vitally important that you act now to ensure the processes required under GDPR are in place within your company and you are GDPR compliant by May.
That is all very well, we hear you say, but what exactly does it mean for my business and what do I need to do? The rules governing GDPR are complex, yet the primary aim is to provide individuals with more control over their personal data, give them enhanced rights to find out how their data is being used and achieve recompense in the case of misuse. The onus is on companies and organisations to prove that when collecting and processing personal data they are acting legitimately, with accountability and transparency.
To satisfy the guidelines of GDPR, an organisation must be able to demonstrate, among other factors, that the data it holds has been legitimately collected. Where consent is relied upon, it must be able to prove that each individual actively opted in to receive communications from the company as a bare minimum. The use of deemed consent by way of pre-checked tick boxes or any other measures is no longer acceptable.
There are a number of actions that organisations need to take to ensure, firstly, that the data they currently hold is valid and usable under GDPR and, secondly, that any data they collect moving forwards is in line with the regulations as a result of the method in which it is collected and processed. The appointment of a data protection officer within your organisation should be the first course of action. It is also essential to ensure the use of a well-written privacy policy and clear opt-in statements. Whilst not a legal requirement, a double opt-in method for collecting data online is advisable as best practice.
GDPR actually presents organisations with the opportunity to dramatically improve the quality of their marketing. Rather than viewing data lists in terms of quantity, the new measures will ensure that the focus is on quality: everyone receiving communications will be an interested party who is positively interested in information relating to the product or service in question.
For further information on GDPR and how it will impact your marketing activities, please contact us. We will be happy to assist you in ensuring that you are fully compliant prior to the May deadline.
GDPR Certificate Success!
Our Account Director, Rachael Battersby, has completed the Chartered Institute of Marketing’s GDPR course, so she is now fully versed in GDPR, the implications it will have on our clients’ marketing activities and the actions that need to be taken prior to the deadline on 25th May.
If you would like to discuss GDPR and how it will impact your business, or you have any other marketing requirements, please get in touch.