If you are a business owner or work within an organisation, it is more than likely that the new GDPR updates are a topic that has been circling around. However, unlike in the past, the latest data protection legislation changes will affect not only businesses but also the general public.
Data Protection Legislation Changes – What Is GDPR?
GDPR stands for General Data Protection Regulation; the law controls how organisations store, handle and use the personal data they keep about others. All businesses must strictly adhere to the GDPR framework, and it guarantees more privacy for everyone in the EU.
How Will I Be Impacted By The Changes?
Data protection is a concept that many of us are aware of, but at the moment not all of us are directly affected by it. This is soon to change: not just businesses, but any individual who stores data could face a fine if they do not comply with the legislation correctly. It means that you can no longer take, store or pass on any information without full consent from the owner.
If, in the worst case, a situation does occur that leads to a breach of the legislation, you have up to 72 hours to report the issue. You are legally obliged to inform the regulatory body of how and why the breach occurred and how you plan to resolve the situation. You must also inform the individual whose data has been leaked and keep them updated on the resolution.
How Can I Avoid A Breach?
Businesses carry the highest risk of breaching the legislation, in particular those that operate a hosted CRM system, work within a marketing agency or run an e-commerce website. It is more than likely that you have bought a product online and from then on been bombarded with a whole host of promotional material such as emails and text messages. From the 25th May, companies will only be able to operate an ‘opt-in’ scheme. They must clearly and fully explain why they want to store your information and what it will be used for. It will then be your decision whether they continue to store your information and whether they have permission to contact you in the future.
If you are a business, it is recommended that you make a detailed plan, including an ‘opt-in’ scheme, before the date on which the law comes into force. Either employ or train a member of your team to be a designated GDPR manager who can oversee and manage all data storage processes. If you want to find out more about the role of a data protection officer, take a look at this Digital Guardian article.
Even if a customer or client does decide to ‘opt-in’ and subscribe to your business, you must still have an unsubscribe option at the bottom of every piece of promotional material you send out. Clients and customers will have more say over their data: if they ask for their data to be removed from, for example, your mailing list, you must remove all traces of their information immediately.
It is crucial to do everything in your power to prevent a data breach; a full guide can be found on the Tech Target website.
What Are The Main Principles?
Although there are no set guidelines that you will be provided with or a checklist to follow to help you comply with all aspects of the legislation, there are three main principles that you must strictly follow.
The first principle is data permission, which relates to the opt-in scheme mentioned earlier.
All actions have to be made very clear; there must be no room for a client or customer to claim that they did not notice, or were not clearly informed, that they were agreeing to their data being saved in your database. Personal information can only be stored if precise and clear permission has been given.
The second principle is data access, which relates to the control individuals have over their data. They are within their rights to request that all traces of their personal information be wiped from your database, and they must always be aware of who has access to their data.
The last principle is data focus, which relates to the specific data you take and store. Clients and customers should only be asked for relevant data that will benefit them, along with a full explanation of what their information will be used for, for example building a customer profile to inform them of products or special offers they may be interested in.
How Can The Changes Benefit My Business?
The main advantage of the new legislation is that, instead of all information from every previous client or customer being stored, only valuable data will be collected. If an individual actively opts in to receive promotional material or to be contacted in the future, it means that they are interested in your business. For example, rather than sending weekly product-update emails to users who immediately delete them, you will only be sending to those who have a genuine interest and are likely to convert.
Fully complying with all aspects of the data protection law will allow customers and clients to put more trust in your business, as they know their information is safe. It is the perfect opportunity to build positive customer relationships and improve your brand image.
Your organisation must be fully compliant with all the new changes in the GDPR law by the 25th May 2018. It is recommended that you carry out a thorough audit of your business beforehand to prepare for the new law. Even the slightest breach of the law can seriously damage your brand reputation and cost you millions of pounds to resolve. A whole host of well-known brands have been hit with extensive fines and compensation claims due to small mishaps in their data protection schemes. Make sure that you do not fall victim to a breach by making yourself fully aware of all aspects of the new changes: read through the IT Governance training pack or the ICO guide.