GDPR, dogged new data regulations – top line points, tips and tools
What is GDPR?
I first heard the phrase GDPR (General Data Protection Regulation) in a room full of marketers at a conference, where it generated a general air of fear. In short, that is because GDPR replaces the data handling rules of the existing Data Protection Act 1998 with rules written for the digital world we now live in. If you take personal details from clients, or manage them on behalf of a client, this applies to you.
The fear is caused by this sentence:
Organisations in breach of GDPR can be fined up to four per cent of annual global turnover or £17 million (whichever is greater).
Take the fear away by preparing now. I have put together some information and steps that you can take to help your business comply.
When does it come into effect?
To whom does it apply?
You may think GDPR only applies to large data management companies, given the huge fines quoted above. But make no mistake – this applies to everyone who holds, stores, manages and uses personal data.
“GDPR makes its applicability very clear – it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not” (EUGDPR.org website).
You need to be able to show that you have a process in place accounting for who uses the personal data your business holds, and how, when and where it is used and stored, and that it is used in a responsible and legitimate way. This includes knowing who the data controller is and who the data processor(s) are for the personal data your business handles.
What is involved?
Understanding the requirements and terminology for managing data is key to having a robust process in place. This in turn will help you work out whether you need consent to use this data, or whether your business has a legitimate interest in holding it in order to serve your clients. If the latter is the case, consent is not required, but you must still be able to record and justify the basis you are relying on.
For example, if you need a name, address, phone number and email address to carry out an appointment, and the email address is used for an appointment reminder, which is arguably necessary to make sure the client keeps the appointment, then this is reasonable.
If, however, you were then to send electronic mailshots to the same client with a product or service offer, you should have kept a record of when and how this client opted IN to receiving marketing updates from your business. Pre-ticked boxes or silence do not count as consent under GDPR.
To get an understanding in just a few minutes of what is involved, watch the FSB (Federation of Small Businesses) video here: https://www.fsb.org.uk/resources/are-you-gdpr-ready
The ICO (Information Commissioner's Office) recommends twelve steps to prepare, which will help you on your way, and publishes information and support for both large organisations and SMEs.
START NOW - BE PREPARED
Links below to the ICO advice and tools:
ICO helpline 0303 123 1113
Keep in touch with the GDPR conversation and myth-busting blogs here: