What does GDPR mean for your business?

What Does GDPR Mean For You?

by rocketsciencedigital on March 1, 2018 No comments

With the May 2018 deadline looming, subdued panic is starting to spread around GDPR. Never mind that we’ve had over 2 years to get compliant, many people have (quite understandably) put off thinking about it until the last minute. As with many issues related to data protection, it seems too dull, and too likely to limit business opportunities, for anyone to want to face up to it. So let’s start demystifying the whole thing…

First things first – what is GDPR?

The General Data Protection Regulation (catchy name…) is a new regulation by the European Parliament, designed to strengthen existing data protection laws. It changes the way data can be collected and used and makes a whole new range of processes necessary for anyone who collects personal data for marketing purposes.

In a nutshell, the aim is to give consumers more control over the use of their data and increased protection against misuse of that data.

Amongst a long and complex list of almost 100 new articles, some of the key concepts are:

  • allowing individuals easier access to the data companies hold on them;
  • clearer and more stringent stipulations on how that data may be collected and used;
  • new penalties for misuse of customer data.

Let’s be very clear – GDPR is not intended to stop companies marketing to customers, nor does it aim to stop you getting new customers or prospects to sign up.

GDPR is meant to ensure that companies have clear and effective responsibilities regarding the use of customer data.

So what’s new & updated with GDPR?

There are 4 main areas you need to consider:

  • Consent
  • Rights of individuals
  • Accountability
  • Enforcement

Consent

The requirement to gain clear consent from customers and prospects to use their data has been enshrined in regulation for many years. GDPR strengthens that requirement in the following way:

consumers must have taken affirmative action (e.g. ticking a checkbox) to give unambiguous consent (e.g. clear opt-in wording) for a specific use of their data (e.g. a clear opt-in for marketing, or for market research, or for both, stated at the time of data collection).

As before, if you’re providing valuable information and not trying to do anything underhand, customers should be willing to give you these permissions, as long as it’s to their benefit.

Rights of individuals

The existing rights of consumers will be strengthened under GDPR and they will gain a few new ones as well.

Right of access: if requested, companies will have to give individuals access to the data held on them to verify the lawfulness of how it was collected. They’ll have one month to grant this access.

Right to be informed: companies must provide what is called “fair processing information.” In other words, display a clear privacy notice explaining how the data will be used. The emphasis is on clear. Be totally upfront and honest in what you intend to do with the data – if you’re above board you have nothing to hide, right?

Right to object: individuals will have the right to object to a business using their data for specific purposes, such as marketing. Again, companies have an obligation to make the intended use clear at the point of data collection.

Right to data portability: individuals can now transfer information a business holds on them to another data controller. What does that actually mean? Well, imagine if you could transfer your favourite Spotify playlists straight into iTunes. Or if you could send data from your FitBit to your GP surgery’s systems. That’s what this is.

Accountability

You’ve seen the slew of news stories about high-profile data breaches? The accountability provisions of GDPR are meant to stop those happening. Businesses will be held more accountable for the processes and governance in place to cover handling and processing of personal data. This area of the regulation includes the futuristic-sounding Privacy by Design. Companies will have to take technical and organisational steps to ensure safeguarding of customer data is built into all data collection, handling and management processes. Basically, make sure customer data is completely safe at every step.

Enforcement

Companies face much higher fines for not meeting GDPR requirements. For the worst types of infringement, a fine of up to 4% of annual worldwide turnover could be imposed. That’s steep enough to make sure any business is pretty keen on keeping clean.

Summing up GDPR

Essentially, GDPR strengthens and enforces data protection regulations that have been in place for several years. There are of course aspects which may change how you manage and process customer data. But if you’ve already been complying strictly with current data protection laws there really shouldn’t be too much for you to worry about. The most important thing is to audit what you’re doing now and understand how you need to adapt that to avoid falling foul of the new regulations.

We said it was all pretty dull so thanks for sticking with us! Now you’re here, leave a comment to tell us how you’re planning to approach GDPR compliance in your business.
