The EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018.
GDPR will replace the current EU data privacy laws and the UK Data Protection Act 1998. Despite Britain leaving the EU, the UK government confirmed in June 2017 that it will uphold the new legislation. Brexit therefore makes no difference, and the overhead of compliance with GDPR is real.
Although we have had two years’ notice of the deadline, few businesses are fully aware of the new rules and even fewer are prepared. Unlike other regulations which have given a grace period for compliance, any new processes must be in place by the date that GDPR is enforced, that is 25 May 2018.
With respect to privacy, regulated companies will now be required to build privacy settings into their digital products and websites and have them switched on by default. In a major departure from current standards, assuming that your data subject has opted in by default is no longer permitted.
GDPR seeks to put individuals in control of their personal data
The new regulation empowers individuals to choose whether and how firms use their data. It aims to protect individuals regardless of where they are or how that data is stored.
1. Sharing & consent records
GDPR requires you to maintain records of all data processing activities to ensure that personal data is not shared without consent.
The definition of personal data is expanded to include IP addresses, internet cookies and even DNA.
To what extent have you gained explicit permission to use clients’ data for a given purpose?
Can you prove that it is only being used for that purpose?
2. Are you able to confirm the details of all the data you hold?
GDPR applies to all firms processing the personal data of individuals residing within the EU, regardless of the location of the firm. Individuals will have the right to obtain details of the personal data being held, how it is processed, where and for what purpose.
Furthermore, they will have the right to a copy of all personal data which they have previously supplied.
Do you have all this information to hand and how easily could you find it?
Who will handle any requests for information?
3. The ‘right to be forgotten’
GDPR introduces a new ‘right to be forgotten’ which entitles individuals to have every piece of information held about them by a company deleted on request.
This applies to every piece of IT equipment, server, back-up and storage facility simultaneously.
Do you know where every piece of personal data about your clients is held, including copies that may have been sent to suppliers, partners and government agencies?