So what is GDPR?
The General Data Protection Regulation is an EU regulation that unifies and strengthens data protection across the EU. It is unaffected by Brexit: it applies in the UK from 25th May 2018 and is enforced by the ICO. The Queen’s Speech in June 2017 proposed a new Data Protection Bill to replace the Data Protection Act 1998. The new Act will incorporate GDPR, and the expectation is that once the UK leaves the EU it will stand in place of the GDPR in UK law.
The Government says the Bill will ensure that the UK’s “data protection framework is suitable for our new digital age and cement the UK’s position at the forefront of technological innovation, international data sharing and protection of personal data”.
What is it for?
It is designed to give individuals control over how their personal data is used. This includes being able to opt in to and out of marketing easily (consent) and having their data erased from your systems on request (the right to be forgotten, or right to erasure).
GDPR will bring a culture change in how businesses view their ‘data’: it is a list of individuals who are entitled to know how and why their personal information is being used and stored. It pushes companies to collect and keep only the data they actually need (data minimisation) and to act with transparency and accountability. The protection of customer data is paramount.
How does it affect me?
GDPR affects organisations anywhere in the world that offer goods or services to individuals in the EU, or monitor their behaviour, whether or not any money changes hands. Organisations will have a duty to report certain types of personal data breach to the relevant supervisory authority (the ICO in the UK) without undue delay and, where feasible, within 72 hours of becoming aware of it, and to tell the affected individuals where the breach is likely to result in a high risk to them. There are significant fines and legal implications for non-compliance.
Today, the ICO can fine up to £500,000 for contraventions of the Data Protection Act 1998. GDPR introduces two tiers of fines: up to €10m or 2% of global annual turnover (whichever is greater) for breaches of obligations such as security, breach notification and record-keeping, and up to €20m or 4% of global annual turnover (whichever is greater) for the most serious violations, such as breaching the core data protection principles, the conditions for consent or individuals’ rights.
Impact on Marketing
- Think about your brand reputation and TRUST
- You must have a lawful basis for marketing (in most cases consent) and be able to prove it, with a record of who consented, when and how
- You must create a clear journey for the customer to opt in AND out of marketing messages
- Changes to how you use (process) customer data for marketing
- You need to tell customers, in plain language, how and why their data is being used
Impact on IT
- Where do you store personal data? Email accounts, software, cloud services, Mailchimp?
- What devices do you use – mobile, laptop, home PC, servers?
- Think about why you hold this data, where it came from and whether you still need it
- Put security processes in place for yourself and any staff members or other users of your devices
- Are your devices and accounts password protected, and is your privacy policy up to date?
- How long have you kept this data, and on what grounds?
Impact on HR
- All staff and users will need to be trained on your GDPR processes
- Suppliers and third parties that handle your data on your behalf will need to be GDPR compliant too, with a written contract setting out what they may do with it
As you can see, GDPR affects your whole business, and changes need to be made as soon as possible to ensure compliance.
The good news is, we are here to help! Although GDPR covers many aspects of a business, SMEs can begin to prepare by reviewing their own data storage and marketing processes. Check out our other GDPR blogs or contact us for more information.