What is GDPR and what do you need to know?
Are you aware of GDPR? And if you are, do you know how a breach could end up costing your business its financial security? According to a recent study, around 73% of respondents, although aware of GDPR, were unclear as to the potential fines, with around a quarter claiming a fine wouldn’t bother them.
In this blog post we’ll set out the facts of GDPR and, more specifically, how it could affect you as a business.
What is the General Data Protection Regulation (GDPR)?
In May 2018, the European Union's General Data Protection Regulation (GDPR) will come into force, meaning that there are a lot of new compliance requirements that companies will need to consider. GDPR will replace the 1995 EU Data Protection Directive, reinforcing for individuals in Europe the rights they have over their data and ultimately aiming to standardise data protection law across Europe.
Even though GDPR is an EU directive, it has been confirmed by the government that the new law will be implemented regardless of the way the UK withdraws from Europe.
GDPR, the new EU regulation, will shape how organisations need to handle and protect personal data, and requires them to report any data breaches within 72 hours to their regulator and the customers involved.
What does it mean?
From May 2018, GDPR means that consumers have to give their consent for companies to use their data. They will also have the ability to withdraw that consent should they wish, or to ask to see what data companies are holding on them, within one month of making the request.
If companies do not comply with the EU’s GDPR, it could leave them facing huge fines. Companies will be fined either 4% of global turnover, or 20 million euros, whichever is the greater, if they breach the regulation.
These fines could be catastrophic to an organisation, therefore it is vital that the whole scope of GDPR is understood and procedures are put in place prior to the regulation launching to ensure that all data is protected and valid.
Things that we and our clients need to consider
Processing data correctly for email marketing campaigns
The way that customer data is harvested via websites
Ensuring the collection of data is relevant for the reason of use
Consent for data: organisations will have to follow a clear set of rules, detailed here from the GDPR:
"'Consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her" (the General Data Protection Regulation).
All marketing databases will have to be cleansed, reviewed and monitored to be certain that each company has the ability to prove that consent was lawfully and fairly given for the use of the personal data.
When do you need to start thinking about it?
Although the regulation will not be operating until early 2018, it is important for all organisations affected to start familiarising themselves with GDPR and understanding the procedures involved.
With the hefty fines attached to the GDPR ruling, companies must have accurate systems and setups in place to avoid what could potentially be business-ending financial penalties.
If you are concerned as to how this will affect you, you can contact us today. You can also keep up to date with all of our posts by following our social channels.
Look out for our second blog post in this series as we take a closer look at how GDPR can be applied to more specific data gathering.