The new General Data Protection Regulation (GDPR) comes into force on 25th May 2018, replacing the 1998 Data Protection Act. All businesses that handle personal data must comply. GDPR aims to improve consumers’ trust by giving them far more say over what companies can do with their data. In this week’s blog, we summarise GDPR and what it means for businesses and their customers.
What is GDPR?
GDPR is a regulation designed to strengthen and unite the data protection process for all individuals in the EU. It applies to personal and sensitive data, including information such as name, email address, postal address, telephone number, racial origin and political opinion.
Large tech giants such as Google, Amazon, Facebook and Twitter have always offered their services for free, so long as people provide their personal data in return. The dangers of granting such permissions, however, have been illustrated in recent weeks by the Cambridge Analytica scandal, where 50 million Facebook users had their information harvested in order to influence the 2016 election in the USA.
In short, up until now, companies could use various methods to abuse people’s data. GDPR aims to prevent this from happening in the future. By making the data protection law identical throughout member states, the EU also believes that this will collectively save companies approximately 2.3 billion Euros annually.
Making Sure You’re GDPR Ready
To ensure that your own business is compliant with GDPR, you need to get your head around how your business processes any personal data.
Lawful Processing: You must meet the conditions set out in the GDPR for processing personal data. Although the same concept was present in the DPA, under the GDPR the legal basis you rely on now affects the rights an individual has over their data. For example, an individual has the right to have their data deleted.
Consent: Under the GDPR, you must be able to prove that you have consent to process and retain an individual’s personal data. Consent must be ‘freely given’, ‘specific’, ‘informed’, ‘unambiguous’ and delivered through ‘clear affirmative action’.
Three actions to take before 25th May 2018:
1) Cleanse Mailing Lists
Go over all of your mailing lists thoroughly. Delete duplicate entries, old information and any contacts that haven’t provided an ‘opt in’. In many cases, it may just be best to delete entire mailing lists and start again from scratch.
2) Transparency to Customers
Ensure that your customers can access their data and can opt-out whenever they wish.
3) Purpose for Data Collection
Understand WHY you are collecting the data. Only collect data if it is relevant to your marketing plans and/or specific projects. Don’t just collect details for the sake of them.
While the Data Protection Act only allowed enforcement action for non-compliance to be taken against data controllers, the GDPR now allows the Information Commissioner’s Office (ICO) to act against data processors too. Currently, the ICO has the authority to impose a Monetary Penalty Notice of up to £500,000. From 25th May, companies in breach of GDPR can be fined much heftier sums:
Fines for processors – up to 2% of Global Company Turnover or 10 million Euros (whichever is greater)
Fines for controllers – up to 4% of Global Company Turnover
With such large figures now on the table, can your business afford to be GDPR non-compliant?
Provided you’re compliant with GDPR, this new legislation is good news for business. GDPR can lower your marketing costs and make marketing, in general, more efficient. After all, you’ll be communicating with people who WANT to hear from you!
Ultimately, GDPR will improve the quality of the data you harvest and enhance the relationship you have with your customers and contractors.