The end is nigh, or at least that’s what the gloomers who jump on the GDPR bandwagon would have us believe…
So what is GDPR?
The General Data Protection Regulation (GDPR) is a series of principles designed to strengthen the protection of data for EU citizens and residents. Having been ratified in April 2016, it will be enforced by every EU state from the 25th of May 2018 onward. It represents the single greatest advancement of EU data privacy in more than two decades.
“…to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”
While many of the legislative principles that make up the GDPR are similar to those found in the current Data Protection Act (DPA), there are a series of new measures and significant enhancements involved. Scary stuff, huh? So what does it mean for most businesses? The end is nigh and we all have to STOP contacting our databases? No, not quite, but businesses need to embrace rather than shy away from GDPR. Use it as an opportunity to re-engage with your database.
The purpose of GDPR is to protect individuals from potential future data breaches. It will allow individuals to wield far more control over the personal data that companies retain about them, and place significant emphasis on businesses’ ability to demonstrate data control and security. Some businesses believe this is an EU decision that is enforceable by the European Court of Justice (ECJ) and that it will need to be ratified in our own laws to take effect. This is made more relevant by the U.K. leaving Europe after the Brexit vote, and by the question of whether our politicians have the willpower or desire to adopt this legislation into our own legal system.
What data does it cover?
“Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.”
Who will be affected by GDPR?
These changes will impact any company that collects its clients’ personal data, whether through a website, an app, email or any other means that results in personal data being retained in an internal database.
This means that many businesses will have to adjust their approach to data retention and transparency in order to ensure they don’t incur a non-compliance sanction of up to €20,000,000 or 4% of annual worldwide turnover.
Gaining Consent will be key
Whether you believe that the new law is going ahead or not, it is imperative that you embrace these changes. In fact, it is good practice for companies to review their databases and to re-engage with their contacts, customers, and suppliers to gain permission to contact them.
This doesn’t have to be scary. Here are some simple tips on what you can do:
We recommend an opt-in approach that allows you to contact your database in the future (you can no longer rely on tick boxes). What I suggest you do is send out an email before the deadline in May to tell your contacts that you are getting GDPR compliant and wish to continue to contact them on a regular basis. Allow your contacts to re-register to your contact list with the clear understanding that they wish to stay in touch.
The tough(ish) bit
Businesses can no longer hide what information they hold on a customer or supplier contact. The burden of proof now lies with you. You need to show what information you hold on people and, if asked to amend, update or delete it, you need to do so.
How you can improve things…
If you send out emails, update your database on the changes you are making and let them know why you are doing it. Ask your audience to opt in to your list.
When networking and picking up cards, ask the businesses if you can contact them in the future, letting them know that you have a GDPR policy (write “GDPR” on the card in front of them). If they say NO, you know what to do with the card.
If you’re running events, get your contacts to fill in a GDPR form (you will need them to fill in their details – DON’T DO IT FOR THEM).
Website forms need to have an updated GDPR policy and opt-in form.
Membership organisations need to update their membership forms to include GDPR policies and make it clear that members need to seek independent opt-ins to contact each other outside of forums.
If you have any questions or concerns about the potential impacts of GDPR on your firm, please contact us at www.intuitivemarketingagency.co.uk and our web development experts will be happy to help.