We’re sorry we had to dupe you like that with a clickbait-y title, but the truth is GDPR is begging for a little something-something to make it more engaging. We’ve sent four pieces of communication to our clients reminding them of the impending data protection laws in the run-up to the deadline, the 25th of May. Businesses are sweating over it, and we understand more than most that this adds a degree of unneeded stress and worry on top of your usual operations. Luckily for you, we’re going to give you a hefty dose of much-needed clarity on the matter. Stick with us, we’ll hold your hand, it won’t hurt much.
The General Data Protection Regulation, or GDPR, is a new set of data protection laws that came into force across the EU on May 25, replacing the oh-so-out-of-date 1995 Data Protection legislation.
Why? Because it’s much needed. Data is money: it’s more valuable than any precious metal or princely sum, and with our increasingly online lives we share more of it than ever before. Data has the potential to be manipulated and sold without our consent, not to mention all those pesky sales calls and barrages of spam mail.
It affects you because the chances are you’re an enterprise that deals with data; most, if not all, businesses are. Whether you know it or not, your website collects data from visitors (cookies) – that’s one instance. Two, chances are you store email addresses in your inbox, in a spreadsheet or scribbled in a notebook. Three, you will undoubtedly have to collect financial information from your customers. Four, five, six, recurring; to put it simply, you can’t do business without utilising some kind of data.
But don’t panic: if you are complying properly with the current data laws, then most of your approach to compliance will remain valid, and just a few tweaks will earn you a big old tick from the data overlords themselves.
So what’s new, we hear you ask? The overarching aim is to make businesses more accountable when handling customers’ personal data; this includes:
- Ensuring that when capturing data, consent is an active, affirmative action. Your customers have to tick a box to seal the deal – no longer can you assume their consent with a pre-ticked box.
- You must keep a record of how and when a customer gave their consent.
- They can withdraw this consent and have the power to request all the information you have on them. This is called a Subject Access Request (SAR for short).
- Defining exactly what kinds of cookies your website visitors can download before they take the affirmative action to download them. Generally speaking, you can define two types: essential and marketing-related.
Starting to make sense? Let’s get to the crux of it, what you have to do to comply:
- Ensure that from now on every new customer and enquiry explicitly gives their permission for you to store their data.
- Not only that, you need to get permission again from all your customers (hence all those GDPR-related emails filling your inbox).
- And you must keep evidence of your customers’ consent.
- And of course, store all this data securely.
GDPR has the potential to be very complex and, if not adhered to, extremely costly. Our advice is to swot up, make a plan and do it; make it your priority (get it out of the way).
Good luck and see you on the other side.