NG Marketing

NGM Blog


GDPR, dogged new data regulations – top line points, tips and tools

9.1.2018

What is GDPR

 

I first heard the phrase GDPR (General Data Protection Regulation) in a room full of marketers at a conference, where it generated a general air of fear. In short, this was because it means moving from the data handling regulations of the existing Data Protection Act 1998 to GDPR, an update that is necessary to take account of the digital world we live in. If you take personal details from clients or manage them on behalf of a client, this applies to you.

 

The fear is caused by this phrase:

 

Under GDPR, organisations in breach of GDPR can be fined up to four per cent of annual global turnover or £17 Million (whichever is greater).

 

Take the fear away by preparing now. I have put together some information and steps that you can take to help your business comply.

 


When does it come into effect?

May 2018

 

To whom does it apply?

You may think GDPR only applies to large data management companies, given the huge fines quoted above. But make no mistake – this applies to everyone who holds, stores, manages and uses personal data.

 

“GDPR makes its applicability very clear – it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not” (EUGDPR.org website).

 

You need to be able to prove that you have a process in place accounting for who, how, when and where your business data is used and stored, and that it is used in a responsible and legitimate way. This includes a named data controller and processor(s) for your business.

 

What is involved

Understanding the requirements and terminology for managing data is key to having a robust process in place. This in turn will help you understand whether you need consent to use this data for your business or if it represents a legitimate interest for your business to have this data to service your clients. If the latter is the case, consent is not required.

 

For example, if you need a name, address, phone number and email address to undertake an appointment, and if the email address is used for an appointment reminder which is arguably necessary to ensure the client keeps the appointment, then this is reasonable.

 

If, however, you were then to send electronic mailshots to the same client with a product or service offer, you would be advised to have kept a record that this client has opted IN to receiving information updates from your business.

 

To gain an understanding in just a few minutes of what is involved, look at the FSB (Federation of Small Businesses) video here https://www.fsb.org.uk/resources/are-you-gdpr-ready

 

Next steps

There are twelve steps recommended by the ICO (Information Commissioner's Office) which will help you on your way. Information and support for large and SME concerns is available.

 

START NOW - BE PREPARED

 

Links below to the ICO advice and tools

 

Support

ICO helpline 0303 123 1113

 

https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/

 

Keep in touch with the GDPR conversation and myth-busting blogs here:

https://iconewsblog.org.uk/2017/09/05/gdpr-setting-the-record-straight-on-data-breach-reporting/