GDPR Made Simple
By badgerprint, Jan 8 2018 12:51PM
The New Year often heralds fresh challenges for business owners. Not least among them this year is preparing for the General Data Protection Regulation (GDPR), which comes into force on the 25th of May.
The GDPR is a legal framework covering all companies that deal with the data of EU citizens. Its chief aim is to facilitate the free movement of data within a framework that upholds, respects and assures privacy and the proper use of data belonging to individuals. It will create a shift in the way companies hold and process personal data, giving new rights to individuals.
The amount of information available to companies looking to prepare for GDPR is vast, and knowing where to start is in itself daunting. So, here are a few simple steps you can take to ready yourselves for the advent of GDPR.
Review Your Data
Make it your top priority to review the data you hold and process. Whether it’s your customer list that you send direct marketing emails to or a database of service users containing a raft of personal information, review them now.
Look for things like how long you’ve held the data, whether it’s still relevant for you to have it, and whether you’re holding more information than is necessary. If in doubt, prune or delete it.
You also need to examine your data security procedures. In the event of a breach, would the data subject be at risk? If the answer’s yes, the possibility of a fine will be greater.
According to the Chartered Institute of Public Relations, the cornerstone of GDPR is the privacy notice. All companies, regardless of size, must have one.
Your privacy notice must state in clear and simple language what you intend to do with the personal data you are collecting and the procedures you have in place to protect it. It must be easily accessible and provided at the point of data collection.
This is an absolute right under the GDPR. You can find examples of good and bad privacy notices at www.ico.org.uk. Take this opportunity to review your privacy notice and ensure it complies with the new regulations.
New Data Rights
The GDPR contains seven fundamental rights for the data subject. Some already exist under the Data Protection Act, some are new.
These include the right to request access to personal data held by a company, the right to request that personal information be rectified or deleted, and the right to request that the processing of data be restricted or stopped.
If your company is involved in the processing of personal and/or sensitive personal data, you will need to familiarise yourselves with these rights. Above all, make sure you can respond to any requests adequately and within stipulated timescales.
Seen positively, GDPR could present you with an opportunity to reinforce your brand and re-ignite connections with your customers. Under the GDPR, the processing of personal data in order to feed your direct marketing activity is complicated.
Deciding whether you need opt-in or if you can continue to rely on opt-out depends largely on the type of business activity you undertake (B2B or B2C) and the format of your marketing campaign (email, text, telephone or letter).
Rather than tying yourselves in knots, trying to understand every eventuality and potentially falling foul of the law, taking a blanket approach to all your direct marketing activity may be the best way forward.
Get explicit opt-ins from all your customers, for all types of direct marketing. This can only enhance your reputation and create more valuable conversations with your customers – something definitely worth striving for at the beginning of a new year.