GDPR – What is it and how will it affect you?
What is GDPR?
On May 25, 2018, a new European privacy regulation, the General Data Protection Regulation (GDPR), will come into effect, replacing the current Data Protection Act 1998.
This regulation will apply to all companies selling to and storing personal information about citizens in Europe, including companies on other continents. It provides citizens of the EU with greater control over their personal data and assurances that their information is being securely protected across Europe.
Under the GDPR, personal data is any information relating to a person, such as a name, a photo, an email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address.
How will GDPR affect your business?
There is a lot of scaremongering about the impact of GDPR, focusing on how much data control is required and how hefty the fines can be. However, the reality is that many businesses are already complying with GDPR and working with service providers who have experience of delivering GDPR-compliant services.
This new data protection regulation puts the consumer in the driver’s seat and the task of complying with this regulation falls upon businesses and organisations.
Customers are within their rights to request a copy of whatever data a business holds on them and to be told how it is used, as well as to have that data erased once the business has completed any previously agreed data processing. If your company holds personal data on someone, you should be prepared for the possibility of that data being requested or removed.
What do you need to do?
All organisations and companies that work with personal data should appoint a data protection officer or data controller who is in charge of GDPR compliance.
There are tough penalties for companies and organisations that don’t comply with GDPR: fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater.
The conditions for obtaining consent are stricter under GDPR, and the individual must have the right to withdraw consent at any time. This means you have to be able to prove that the individual agreed to a specific action, such as receiving a newsletter. Businesses are not allowed to assume consent or rely on a disclaimer, and providing an opt-out option is not enough.
If you purchase marketing lists, you are still responsible for getting the proper consent information, even if a vendor or outsourced partner was responsible for gathering the data.
Currently, if you meet potential customers at a trade show and exchange business cards, when you come back to the office you are likely to add the contacts to the company’s mailing list. In 2018, this will not be possible anymore. Companies will have to look at new ways of collecting customer information.
It is clear that GDPR will create challenges and pain for us as businesses, but it also creates opportunity.
Companies that show they value an individual’s privacy (beyond mere legal compliance), that are transparent about how data is used, and that design and implement new and improved ways of managing customer data throughout its life cycle, build deeper trust and retain more loyal customers.
As with any new regulation, we are receiving more information all the time, and we will keep you updated as and when new information is published.
In the meantime, if you are concerned about how GDPR will affect you, get in touch on 0161 249 5040.