White Plains, NY -- (SBWIRE) -- 11/07/2017 -- By next year, all businesses in the UK will have to comply with the General Data Protection Regulation (GDPR). It will dramatically overhaul how companies collect, process and store data. Businesses must prepare for the changes, as it is a legal framework, replacing the previous 1995 Data Protection Directive. To help navigate this looming minefield, here are some key things to know on how to get up to speed with the GDPR.
What is the GDPR exactly?
As of May 2018, explicit consent will have to be given to access the information people give to companies. Under the new rules, companies will no longer be able to use long terms and conditions that don't explicitly inform the user and request their consent clearly. Failure to clearly demonstrate consent as outlined in these new guidelines will result in fines. Also, all companies will have to notify data breaches to the relevant authority within 72 hours of first becoming aware of the breach. The main goal of the new legislation is to strengthen data privacy and the rights of EU citizens online.
How will it work in practice?
Changes under GDPR will impact how companies work in several ways. A data processing officer (DPO) will be required for all the main activities in regulating and overseeing data. DPOs will be the driving figures behind the fostering of a data protection culture within companies and organisations. Any company that processes personal information will need to appoint or delegate one. Also, Privacy Impact Assessments, which are a tool companies can use to collect data, are going to be made mandatory under the GDPR. The legislation applies to all businesses in the EU and even to non-EU organisations that process any data from EU citizens.
The way marketing activities and data permission are managed is set to change. In practice, companies will have to make sure that a person wants to be contacted by including an opt-in on sign-ups. This means that organisations can no longer assume people want to be contacted. For example, companies won't be able to automatically sign visitors up for emails when they fill out a web form or enter a competition.
The customer must understand what they have consented to, without any hidden details, and companies must tell people they have the right to withdraw their consent. Consent requests must be separate from other terms and conditions, with an explicit action to opt-in. In short: Consent must be obvious, unbundled and user-friendly. The point is that people must have an ongoing choice for how their data is managed.
How to prepare for GDPR?
First, review any documentation, and assess what data has been processed and where it came from via an information audit. Likewise, procedures should be updated so that they comply with the guidelines. Under the GDPR, an individual has the right to request that their data be erased – therefore, the procedure for dealing with such a request must be put in place. This is the case for both employees and customers who use any online services. It's critical that the right systems and tools are in place to detect a data breach, including hiring a DPO.
It's important that all members of staff know how to process data in the proper way, as companies can be fined otherwise. Fines can be as high as €20 million or four per cent of a company's global turnover. It's important to note that emails sent to customers asking for their consent are not allowed, as they are in themselves classified as marketing. Flyby learned this the hard way when they were fined 70,000 in August 2016 by the ISO for unsolicited communications. The penalties for this type of data breach will be far heavier under the GDPR.
It's very important that organisations begin moving towards GDPR compliance. Above all, the key things to remember are: get valid consent for using personal data; there is a new range of fines and punishments to be aware of; organisations need to make sure they are asking for consent/permission consistently. Fear not: there's still time to prepare, keep away from fines and ensure further success.
About Terrier Agency
Terrier Agency is a digital advertising, marketing and strategy agency based in London. Their aim: To help their clients move forward faster. They specialise in areas such as blogger outreach, SEO and email marketing.
MEDIA CONTACT INFORMATION:
NAME: PATRICK MACNAMARA