GDPR and Your Business – What You Need to Know Now

What is GDPR?

Did you know that time is running out to ensure your business is GDPR compliant? With the deadline slowly creeping upon us, we need to ensure our data protection is completely up to date and all our customers’ data is safe and secure. The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy across Europe: the same law applies to protect all EU citizens’ data privacy and to change the way organisations in the EU approach data privacy. Although the key principles of data privacy are still the same as in the previous directive, there are still many changes that have been proposed to the regulatory policies.

How will GDPR affect my business?

Any business gathering data is required to comply with the new GDPR and must ensure it receives clear permission to use clients’ data for any purpose. Data users must also be informed how their data will be used and what marketing activities it will be used for. All data being held must be held with clear permission and must only be used in the way described to the customer at the time the data is collected.

It’s not just the way we gather data that is changing but also the way we store and hold it. Businesses are required to document what personal data they hold, where it came from and who they share it with. In principle, this should help reduce the nuisance texts and calls that irritate most people.

How data should be held

The GDPR requires you to maintain records of your processing activities. For example, if you have inaccurate personal data and have shared this with another organisation, you will have to tell the other organisation about the inaccuracy, so it can correct its own records. You won’t be able to do this unless you know what personal data you hold, where it came from and who you share it with. You should document this. Doing this will also help you to comply with the GDPR’s accountability principle, which requires organisations to be able to show how they comply with the data protection principles, for example by having effective policies and procedures in place.

Privacy Notice

Currently, when collecting any data, businesses are required to provide people with certain information, such as who you are and how you intend to use their data. This will usually be done using a privacy notice. Under the GDPR there are additional pieces of information that will need to be added, such as: how you will be processing the data, how long you will hold it for, and that all individuals have a right to complain if they think there is a problem with the way you are handling their data.

Any business involved in marketing (and most businesses do some level of marketing) should consider how the new GDPR will change things for them. As well as the changes to collecting data, there are also changes in how we market and how we ensure people agree to receive direct marketing. When gathering data, customers need to indicate whether they would like to receive any marketing or not. They also need to be made aware of any instance in which they may be contacted and what it may be regarding. Businesses are required to specify any possible reason for which a customer may be contacted, such as promoting new products or services and even updates on the business.

Privacy Notice Example

How can you find out more?

If you want to learn more about the changes, a great site to visit is: https://www.eugdpr.org

If you have any questions about your marketing data and the need to comply, please contact us and we will provide assistance.