8 Things You Need To Know About GDPR
General Data Protection Regulation, better known as GDPR, will be coming into effect in May 2018, and if you haven’t got yourself sorted for the big changes on how your business will be allowed to use and handle information of customers, you may want to start now.
Europe’s data protection rules are set to undergo their biggest changes since they were created back in the 90s. GDPR will replace 1995’s data protection directive to give people more protection of their personal details and more rights over how their details are used.
So how does GDPR affect your business? Any individual, company or organisation that is either a ‘controller’ or a ‘processor’ of personal data will need to follow the new laws relating to GDPR. Any piece of information that can be used to identify an individual, such as sex, race, religion, age and much more, will be protected under the new GDPR.
There are nearly 100 new articles that cover the legislation and set out the rights of individuals and the obligations of companies or organisations. These include making it easier for people to access the information that companies may hold on them, and perhaps the biggest change to the use of data is the requirement for clear consent before using any individual’s information. We’re going to share with you the 8 most important things you need to know about GDPR.
- There are a whole bunch of new additions to what is classed as ‘personal data’; this includes social media handles, IP addresses and photos.
- If you break the GDPR rules, you’re going to pay for it. If you do not report ANY data breach under the new act within 72 hours you could face a fine of £9 million OR 2% of your global turnover – whichever is greater.
- What is considered consent to use data has been tightened, and you will have the responsibility to make sure consent is clear. The traditional pre-ticked box is no longer sufficient proof of consent. It also means that consent can be withdrawn at any time the individual feels like it, and withdrawing it must be as easy as giving it.
- Your email marketing campaigns will be affected: everyone on your email database must have double opted in before you can use their data and send them information. Double consent means ticking a box or entering an email address on your website, and then confirming that consent by clicking on a link in an email too. You will also need to include a clear and concise statement of what you will be using their email address, and any other data they may share with you, for.
- When GDPR kicks in on 25th May 2018 you must, if you don’t already, keep a record of every single consent you have obtained from every single individual you contact or take data from.
- GDPR applies to current data too, so anything you already hold will need to comply with the laws coming into force in May. It might be worth getting a head start and getting your data in check in advance to ensure you do not get caught out in the future.
- Brexit will have absolutely no impact on the UK being subject to the EU legislation. The UK government is currently passing an independent bill that will ensure all GDPR laws are included in UK law, so there will be no change when Brexit kicks in next year.
- You may need to assign or employ somebody to be the Data Protection Officer (DPO) for your business BY LAW. Although a DPO is a good idea for any business that wants to ensure it is compliant with GDPR, some organisations and companies will be legally obliged to have one. This is only mandatory if your company is engaged in large-scale systematic monitoring of data, is a public authority, or processes large volumes of personal data.
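The consent points above (clear purpose statement, double opt-in by clicking an emailed link, withdrawal that is as easy as giving consent, and a record of every consent) are straightforward to model in code. The following is an added example written for this article, not code from any GDPR authority or product; the `ConsentLedger` class, its 48-hour confirmation window, and the sample addresses are all constructed assumptions. The point it shows is that a consent record needs more than a boolean: it needs the purpose shown at sign-up, timestamps for request, confirmation and withdrawal, and a confirmation token that is stored only as an HMAC so a leaked database cannot be used to forge confirmations.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy: an unconfirmed sign-up expires after 48 hours (constructed value).
TOKEN_TTL = timedelta(hours=48)


@dataclass
class ConsentRecord:
    email: str
    purpose: str                        # the clear, concise statement shown at sign-up
    requested_at: datetime              # step 1: box ticked / address entered on the site
    token_hash: str                     # HMAC of the emailed token; the raw token is never stored
    confirmed_at: Optional[datetime] = None   # step 2: link in the email clicked
    withdrawn_at: Optional[datetime] = None   # consent withdrawn (e.g. unsubscribe link)
    history: list = field(default_factory=list)  # audit trail: (event, when, detail)


class ConsentLedger:
    """Hypothetical double opt-in consent store with an audit trail per individual."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._records = {}  # email -> ConsentRecord

    def _hash(self, token: str) -> str:
        return hmac.new(self._secret, token.encode(), hashlib.sha256).hexdigest()

    def request(self, email: str, purpose: str, now: datetime) -> str:
        """Step 1. Records the purpose shown to the user and returns the raw token
        that goes into the confirmation email. Nothing may be sent yet."""
        email = email.lower()
        token = secrets.token_urlsafe(32)
        rec = ConsentRecord(email=email, purpose=purpose, requested_at=now,
                            token_hash=self._hash(token))
        rec.history.append(("requested", now, purpose))
        self._records[email] = rec
        return token

    def confirm(self, email: str, token: str, now: datetime) -> bool:
        """Step 2. Called when the emailed link is clicked. Rejects unknown addresses,
        expired or wrong tokens, and replays of an already-used token."""
        rec = self._records.get(email.lower())
        if rec is None or rec.confirmed_at is not None:
            return False
        if now - rec.requested_at > TOKEN_TTL:
            return False
        if not hmac.compare_digest(rec.token_hash, self._hash(token)):
            return False
        rec.confirmed_at = now
        rec.history.append(("confirmed", now, None))
        return True

    def withdraw(self, email: str, now: datetime) -> bool:
        """Withdrawal is a single step with no re-confirmation, so it is never
        harder than giving consent was. The record is kept, not deleted, as
        evidence of what was consented to and when it ended."""
        rec = self._records.get(email.lower())
        if rec is None or rec.withdrawn_at is not None:
            return False
        rec.withdrawn_at = now
        rec.history.append(("withdrawn", now, None))
        return True

    def may_contact(self, email: str) -> bool:
        """Only a confirmed, not-withdrawn consent permits sending."""
        rec = self._records.get(email.lower())
        return rec is not None and rec.confirmed_at is not None and rec.withdrawn_at is None

    def export(self, email: str) -> Optional[dict]:
        """Everything held about this individual's consent, for a subject access request."""
        rec = self._records.get(email.lower())
        if rec is None:
            return None
        return {"email": rec.email, "purpose": rec.purpose, "requested_at": rec.requested_at,
                "confirmed_at": rec.confirmed_at, "withdrawn_at": rec.withdrawn_at,
                "history": list(rec.history)}


if __name__ == "__main__":
    # Constructed walk-through with a sample address.
    ledger = ConsentLedger(secret=b"constructed-demo-secret")
    t0 = datetime(2018, 5, 25, tzinfo=timezone.utc)
    token = ledger.request("alice@example.com", "Monthly product newsletter", t0)
    print("may contact after step 1:", ledger.may_contact("alice@example.com"))
    print("confirmed:", ledger.confirm("alice@example.com", token, t0 + timedelta(hours=1)))
    print("may contact after step 2:", ledger.may_contact("alice@example.com"))
    print("withdrawn:", ledger.withdraw("alice@example.com", t0 + timedelta(days=30)))
    print("audit trail:", [e[0] for e in ledger.export("alice@example.com")["history"]])
```

Two design choices are worth noting. The raw confirmation token is compared with `hmac.compare_digest` and only its keyed hash is stored, so an attacker who reads the consent table cannot confirm addresses on the owner's behalf. Withdrawal does not delete the row: the regulation's record-keeping point means you want to be able to show that consent existed, for what purpose, and exactly when it was withdrawn, rather than lose the evidence.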
GDPR is definitely a lot to take in due to its vast changes and the updates necessary to protect individuals’ rights and personal information. However, it is so important that you have a full understanding of the new legislation to ensure you do not find yourself in hot water or, worse, fined £9 million.