Getting GDPR Ready

GDPR is a new law, which will officially apply in May 2018, and it’s a biggie… but what is it?

GDPR stands for General Data Protection Regulation, and in short, it means that individuals now have a lot more rights to their data than previously. Any data that can be linked to an individual falls under the scope of GDPR. The main impact of this will be within B2C businesses, but it will have an effect on B2B, too.

Here are some specifics:

1) Everyone now has the right to ‘Erasure’, or in layman’s terms, the right to be deleted and forgotten. For example, if you used to be a customer of British Gas, but now you aren’t, you can ask British Gas to delete any trace that they have of you on their records. The company in question will have to do so within 30 days.

2) You can ask a company to send you all the data they have about you on their systems. Again, they will have 30 days to comply.

3) Companies are no longer allowed to collect data unless they know exactly what they need the data for. So if a company decides to introduce a pop-up on their website, for example, which asks “do you like dogs?”, but they have no idea what they’ll do with this data once they have it, then they’re breaking the law.

 


4) Getting consent from users now has to be very clear. If you want to email your customers from time to time, you have to ask them for their permission very clearly. So no more ‘creative’ wording to trick people into ticking the wrong box.

5) GDPR will continue to be UK law even after Brexit, so don’t put off complying in the hope that it will go away. It won’t.

6) If you fail to comply with the new law, then you’re liable for a fine. And there are some huge figures being quoted. Fines of €20,000,000 or 4% of global revenue (whichever one is bigger) are being talked about. Clearly it pays to be on the right side of the law.

7) For B2B businesses, the new law doesn’t actually change any of the existing principles surrounding processing business data. However, it does change the consent mechanism for business data that relates to sole traders and partners. This data is now considered personal data, not business data.

For example, let’s consider an individual’s business email address, i.e. [email protected]. Because Joe Bloggs could be identified from his business email address, it will now be considered personal data and will be subject to GDPR’s updated regulations.

Overall, then, you’ll need to know why you have or want the data, who the data is about, what the data is, and when you obtained the data, and be sure you gained consent for all of the above.

For our clients, GDPR will mostly apply to website design and functionality, and email campaign data; everything from cookies, contact forms, product reviews, newsletter sign-ups, analytics, pop-up forms and so on will be affected. So what are we doing about it?

We are in the process of working with our clients to make sure their websites and email databases are compliant ahead of the May 25th deadline; if this is something we can help your business with, just get in touch at [email protected] or telephone 01225 445 427.

If you’re unsure of the implications that the new law has for your business’s corporate responsibility, you should conduct a complete audit with the appropriate counsel.