GDPR – 5 things you need to know…


In May 2018, data protection is changing in a huge way. The introduction of the General Data Protection Regulation (GDPR) forces companies of all sizes across Europe to take notice and act on data protection, or face heavy penalties. No company is exempt from the new regulations; ignorance is not a valid excuse, and action must be taken to ensure compliance. Here are 5 things you need to know about GDPR:

1. Brexit does not apply to GDPR

Britain may be leaving the EU under Brexit, but the GDPR was agreed by all EU member states (including the UK) long before the Brexit ruling. Companies registered in Britain will therefore be accountable under the GDPR, and the regulations still apply regardless of whether Britain is part of the EU.

2. All personal data is affected by GDPR

So, you’re thinking about forwarding this article to your marketing team with instructions to perform a data compliance audit? That’s a great start, but it is a small drop in the ocean when it comes to GDPR. The important thing to remember about data that falls under the new regulations is that it covers all personal data – that includes the data of your customers, your staff, and any other stakeholders in your company. This can be everything from mailing lists to HR records, CCTV footage and ID passes. Anything that can be used to identify an individual person falls under the GDPR ruling and therefore must comply with the new regulations.

3. Data usage must be explicitly outlined and audited

One of the key requirements of GDPR is the way in which data controllers (the companies who “own” the data) and data processors (the companies who “make use of” the data) outline to the data subjects – such as customers on their mailing list – exactly how their data will be used. This includes what data will be stored, for what purpose, and for how long. A great place to start with this is a full review of your company’s privacy policy. It is important to remember that the customer (data subject) will now have more power than ever before to obtain information on the usage of their data, and even has “the right to be forgotten” – more on that later…

4. Consent must be clearly given and not taken

Does your coffee shop give free Wi-Fi in exchange for signing up for the monthly newsletter? Do you have an automatically checked “stay in touch” box on your online order forms? Under GDPR, these and many other common marketing tactics are no longer compliant with data protection. The consent of the customer (or any other data subject) for companies to store and use their data for marketing (or any other) purposes must now be given explicitly by the subject, and a clear audit trail should be visible for every data subject and their relevant consent. Should your customer wish to be “forgotten”, it is now mandatory under GDPR that you ensure that all data records relating to that person are permanently deleted (not just from your mailing list).

5. Non-compliance comes with serious penalties…

Have you not yet thought about GDPR, or are you in the mindset “we’ll cross that bridge when we come to it”? Then STOP! From 25th May 2018 GDPR will be in full force, and the Information Commissioner’s Office (ICO) will be granted power to enforce serious and damaging penalties on companies that are non-compliant with the new regulations. The penalties brought into force will be:

  • 4% of annual global turnover or…
  • A fine of €20m

Whichever penalty represents the greater value will be enforced by the ICO on any company that breaches the new regulations, meaning data security should now be taken more seriously than ever.

We’re ready to make you ready!

Contact us to chat about how Dynamic Edge can help you become GDPR compliant in advance of the upcoming regulatory changes.