ID explains GDPR

Thu 27 Jul 2017 - posted by Carole Bailey

GDPR is big news at the moment, with the compliance deadline creeping closer. There’s a lot of information floating around, some of it vague and peppered with confusing jargon. We’ve been busy getting to grips with the ins and outs of GDPR, so we thought we’d give you an overview in very simple terms: what it is, how it will impact your business and what you need to do to become compliant.

What does GDPR stand for? The General Data Protection Regulation (GDPR).

What is GDPR? A new regulation which aims to give the general public more control over their personal information, as well as making organisations that hold or use that data responsible for keeping it secure.   

Why is it coming into force? With the movement of big data, people are being bombarded with sales and marketing communications. GDPR aims to put stricter rules in place for the collection and storage of data, which will ultimately allow the general public to pick and choose who they want to receive communication from.

What consumer data will GDPR affect? Any information that relates to an individual. That could be anything from a name, photo, email address, phone number, bank details or social media accounts, to name a few.

How will it impact your business? It will change the way that you collect, store and record personal data, as well as how you process that data. It’s not just your employees’ data that will be affected, but also the data you keep on your clients and the data you share with your suppliers. There are also new rules around the ‘right to be forgotten’, individuals’ rights to access information you hold on them, changes to privacy notices and new rules surrounding when and how to report data breaches.

Who is affected? All businesses, regardless of size, are affected by this new law.  The new law also puts the emphasis on companies ensuring that their staff are made fully aware of the GDPR regulations.

Will the UK need to comply when we leave the EU? Although GDPR is European Law, the UK government has pledged in the Queen’s Speech that this will be incorporated into UK law in full so that UK businesses can continue to trade with the EU.

What do you need to do? You will need to look at the type of data you collect and how it is used within the business, and ensure that it is stored securely. Although the exact details are yet to be published, one of the biggest changes under the new regulations is that companies will be required to keep a full and thorough record of how and when an individual has given consent to store and use their personal data. Transparency will also be really important, so you will need to clearly communicate what data is being held, how long you intend to store it for and how the consumer should go about withdrawing their consent. This will require simple and clear internal policies and procedures to handle such requests within strict timelines.

Date for the diary: The new regulations come into effect on 25th May 2018.

What are the consequences if I don’t adhere to the new rules? Hefty fines of up to 4% of annual global turnover or €20m if you don’t comply.

What next?  Don't panic - but now is the time to start planning how you are going to tackle it. Interdirect can offer support and guidance on the first steps for your website, email campaigns and data handling to become GDPR compliant - so get in touch and get the ball moving. 
