The New General Data Protection Regulation
This is, of course, something that fills every business owner with delight: a new regulation to adhere to and a deadline of 25th May 2018 to be ready by. It is not as bad as many people have made out, and it could actually be a very positive step forward. The current Data Protection Act dates from 1998, which means the legislation businesses work to today is 20 years old. The GDPR aims to bring everything and everyone up to a higher standard.
Nothing on this page is legal advice; it is provided only to help your understanding of the new regulation. It is the business owner's responsibility to research and implement GDPR properly, having taken proper legal advice.
Who does GDPR apply to?
Any company that holds the data of individuals, whether clients, customers or employees, needs to be GDPR compliant. Why? It is all about transparency and making sure that a business controls information and keeps it safe and secure. If you really care about your clients, customers and employees, isn't it a good idea to show them you are taking care of their details?
The process of becoming GDPR compliant can also be a good opportunity to update the processes within your business and to focus your marketing efforts.
What information does GDPR apply to?
In short, Personal Data. According to the Information Commissioner's Office, Personal Data is "… any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier".
The regulation exists to stop Personal Data being lost, stolen or sold without the consent of the individual it belongs to (or identifies). It also requires companies to be more transparent about what information they hold, what they are collecting, why they are collecting it, where it is stored and how it is used.
Lawful Basis for Processing Data
You will now need a lawful basis to collect and process individuals' data. The most common bases are the individual's consent, the need to deliver a service or perform a contract, a legal obligation to process the data, or a legitimate interest of the business.
Taking care of Individual’s Rights
The GDPR sets out eight rights that individuals will now have over their data, such as the right to be informed how their data is being used, the right of access to it, the right to rectification (e.g. updating and correcting the details you hold) and the right to erasure, often called the right to be forgotten (e.g. deletion from your systems).
WHAT DOES THIS MEAN IN PRACTICE?
From a website perspective, you cannot assume consent when collecting contact information, so an opt-in checkbox becomes essential, along with a link to the data policy that describes what you do with the data entered into the form. The checkbox must be unticked by default (a pre-ticked box does not count as consent), and the server must check that it was actually ticked rather than trusting whatever the browser sends.
Anyone you send email marketing to will need to have consciously opted in to receive it, and you will need to provide an unsubscribe link in every marketing email and newsletter you send out.
Keep an inventory of the third-party software packages and services you use, what personal data each one holds, whether each supplier is compliant, and who has access to it.
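The following is an added example of the opt-in and unsubscribe handling described above; it is not code from the original page. It assumes a signup form that posts fields named email and marketing_consent, and uses an in-memory register standing in for a database table. The points it demonstrates: a missing or unticked checkbox is "no consent", never a default yes; the record stores what was agreed, when and under which policy version, so consent can be evidenced later; an unsubscribe withdraws consent but keeps the record; and the check is made before every send, not only at signup.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional

# Values a browser submits for a ticked checkbox; anything else counts as not ticked.
AFFIRMATIVE = {"on", "yes", "true", "1"}


@dataclass
class ConsentRecord:
    email: str
    policy_version: str            # which data policy text the person agreed to
    given_at: datetime
    withdrawn_at: Optional[datetime] = None

    @property
    def active(self) -> bool:
        return self.withdrawn_at is None


class ConsentStore:
    """In-memory consent register (assumed stand-in for a database table)."""

    def __init__(self, policy_version: str) -> None:
        self.policy_version = policy_version
        self._records: Dict[str, ConsentRecord] = {}

    @staticmethod
    def _normalise_email(raw: str) -> str:
        email = raw.strip().lower()
        if "@" not in email:
            raise ValueError("a valid email address is required")
        return email

    def handle_signup(self, form: Dict[str, str], now: Optional[datetime] = None) -> bool:
        """Process a posted signup form (assumed field names: email, marketing_consent).

        Returns True only when the person explicitly opted in to marketing.
        An absent or unticked checkbox is treated as no consent, never as a
        default yes, and nothing is added to the marketing register.
        """
        email = self._normalise_email(form.get("email", ""))
        ticked = form.get("marketing_consent", "").strip().lower() in AFFIRMATIVE
        if not ticked:
            return False
        self._records[email] = ConsentRecord(
            email, self.policy_version, now or datetime.now(timezone.utc)
        )
        return True

    def withdraw(self, email: str, now: Optional[datetime] = None) -> bool:
        """Unsubscribe: mark consent withdrawn but keep the record as evidence."""
        rec = self._records.get(self._normalise_email(email))
        if rec is None or not rec.active:
            return False
        rec.withdrawn_at = now or datetime.now(timezone.utc)
        return True

    def may_send_marketing(self, email: str) -> bool:
        """Check before every marketing send, not just at signup time."""
        rec = self._records.get(self._normalise_email(email))
        return rec is not None and rec.active

    def evidence(self, email: str) -> Optional[ConsentRecord]:
        """What was agreed, when and under which policy (e.g. for an access request)."""
        return self._records.get(self._normalise_email(email))


if __name__ == "__main__":
    store = ConsentStore(policy_version="2018-05")
    t0 = datetime(2018, 5, 25, 9, 0, tzinfo=timezone.utc)
    # Constructed form submissions: one ticked the box, one did not.
    store.handle_signup({"email": "Alice@example.org", "marketing_consent": "on"}, t0)
    store.handle_signup({"email": "bob@example.org"}, t0)
    print(store.may_send_marketing("alice@example.org"))  # True
    print(store.may_send_marketing("bob@example.org"))    # False
    store.withdraw("alice@example.org", t0)
    print(store.may_send_marketing("alice@example.org"))  # False
```

The policy version stored with each record matters because the consent someone gave is consent to the data policy text they were shown; if that text changes materially, the existing records tell you who agreed to which version.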