The General Data Protection Regulation, or GDPR as it’s more commonly known, takes effect on Friday 25th May 2018. We thought we’d make it as easy as we could by doing the research for you. So, here’s everything you need to know in a three minute read…
What is the GDPR?
An updated, modernised version of the Directive, the GDPR is a set of European privacy regulations that must be abided by throughout the whole of the EU and other participating countries.
How does it differ from the directive?
Whilst many of the same rules apply, the GDPR includes a few more important principles, including:
- Increase in scope (affecting more people in more locations)
- Extension of personal data definitions
- Expansion of individual rights
- Tougher consent requirements
- Stricter processing requirements
What constitutes ‘personal data’?
Under the new regulations, personal data now includes any of the following:
- Bank details
- Email addresses
- IP addresses
- Medical information
- Social media posts
- Photos and location details
How do I know if I’m ‘involved’ with personal data?
If you’re processing personal data in any way, shape or form, you’re involved with it. Processing includes collecting, recording, storing, organising, managing and using any personal data of those protected by the GDPR.
What do I need to do?
As an individual: Know your rights. As a citizen of the EU, protected by the GDPR, you have the right to:
- Access your personal data and determine how this is used by a company
- Be forgotten (you can withdraw your consent for a company to use your data and have your data deleted)
- Data portability (you can transfer your data between providers, without warning or notice)
- Be informed (you should be informed before your data is collected and be asked to provide clear consent)
- Have information corrected & updated
- Object (you can stop the processing of your data at any time, and processing must be stopped as soon as your request is received)
- Be notified if a data breach compromises your data (you must be informed within 72 hours)
As an organisation: Prepare to adhere to these guidelines for your clients.
Ensuring that you obtain clear consent for various processing activities will result in higher protection for you and your client. If a client has given consent for you to use their data in one way, it doesn’t automatically allow for another process to be carried out with that data. To best avoid sanctions, you should:
- Remove data that isn’t used or needed.
- Put security measures in place to guard against data breaches.
- Maintain a quick response, so that clients are notified promptly if the protection of their data has been lost.
- Establish procedures for making sure clients are aware of their new rights.
So, if you’re an organisation, here are your next steps:
- You must display a clear check box on every data capture form across the website, allowing clients to consciously opt in to all marketing activity if you’re going to store their data.
- You must contact clients frequently via their chosen marketing channel. If not, you need to send them an interim mailer every 6 months to determine their interest. If you’ve got a monthly or quarterly newsletter, that already covers this!
- Under the GDPR, requests for personal data can be made free of charge. Everyone will have the right to obtain confirmation that an organisation has information about them, access to this information and any other supplementary information. If a client requests this, you must provide the information within one month.
Are there any sanctions for not complying?
Failure to comply can result in sanctions of up to €20 million or 4% of your global annual turnover – whichever is higher.
Need help to make sure you comply?
Our team are trained and understand what you need to do to make sure you comply with the latest regulations. If you’ve got any questions, feel free to get in touch with us on 0800 084 3086.