GDPR is here
What is GDPR and what do you need to know?
Do you feel comfortable that your company is GDPR compliant? And if you don't, do you know how a breach could end up costing your business its financial security? According to a study, around 73% of respondents, although aware of GDPR, were unclear as to potential fines, with around a quarter claiming a fine wouldn’t bother them.
In this blog post we’ll set out the facts of GDPR and, more specifically, how it could affect you as a business.
What is General Data Protection Regulation (GDPR)?
In May 2018, the European Union's General Data Protection Regulation (GDPR) came into force, meaning that there are a lot of new compliance requirements that companies need to consider. GDPR replaces the 1995 EU Data Protection Directive and reinforces the rights that individuals in Europe have over their data, ultimately aiming to standardise data protection law across Europe.
As an EU regulation, GDPR sets out how organisations will need to handle and protect personal data, and requires them to report any data breaches within 72 hours to their regulator and the customers involved.
What does it mean?
GDPR means that consumers have to give their consent for companies to use their data. They also have the ability to withdraw that consent should they wish, or to ask to see what data companies are holding on them, within one month of making the request.
If companies do not comply with the EU’s GDPR, it could leave them facing huge fines. Companies will be fined either 4% of global turnover, or 20 million euros, whichever is the greater, if they breach the regulation.
These fines could be catastrophic to an organisation. It is therefore vital that the whole scope of GDPR is understood and that procedures are put in place beforehand to ensure that all data is protected and valid.
Things that we and our clients need to consider
- Processing data correctly for email marketing campaigns
- The way that customer data is harvested via websites
- Ensuring the collection of data is relevant for the reason of use
- Consent to the use of data: organisations will have to follow a clear set of rules, detailed here from the GDPR:
  "'Consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her" (the General Data Protection Regulation).
- All marketing databases will have to be cleansed, reviewed and monitored to be certain that each company has the ability to prove that consent was lawfully and fairly given for the use of the personal data.
When do you need to start thinking about it?
Now!
With the hefty fines attached to the GDPR ruling, companies must have accurate systems and setups in place to avoid what could potentially be business-ending financial penalties.
If you are concerned as to how GDPR affects you, you can contact us today. You can also keep up to date with all of our posts by following our social channels.
Look out for our second blog post in this series as we take a closer look at how GDPR can be applied to more specific data gathering.