Data: The world is full of it, and with the advent of the internet, there has been a multitude of changes to the way data is handled and how we communicate. Emails, documents, bills, purchases – they all involve your personal data, and even though we don’t second-guess submitting this information, have you ever stopped to ponder how much data is shared online?
Anything and everything is stored digitally now: Your banking information, your contacts, your social media posts, even your IP address. You’re told by nearly every company that the data is used to make your customer experience even better next time you visit, but people are still left wondering what their data is really used for.
That’s where the General Data Protection Regulation (GDPR) comes in. The new legislation that’s been discussed lately has left people asking even more questions: What is it? How will it affect my business? What does this mean for my data? Well, luckily, we’ve done our research to answer these questions. Keep reading to find out our suggestions for handling the new rules.
What is the GDPR?
It’s a new regulation that will come into effect from May 25th 2018, and if you’re a business that sells or stores personal information, it will apply to you. The idea behind the GDPR is to give users greater control over their data and provide assurance that their data is being securely protected.
As part of the legislation, businesses with over 250 employees will also be required to hire a designated Data Protection Officer. This will be someone who must have a good understanding of the new laws and who will be responsible for making sure the business collects and stores personal data properly.
What does this mean for my customers?
The GDPR will mean that your customers will have more control over their personal data, including how it is handled and updated. Primarily, they will now have the right to know how you will be using their data. This usually comes in the form of an “opt-in”, which will become even more crucial in proving you have your customers’ consent to use their information.
Customers will now have more rights over how their data is used after you have acquired it. For one, they will have the right to access the data, meaning they can request a copy of it, and you will be legally required to provide this free of charge. Similarly, they will now be able to withdraw their consent from your business, giving them the right to have their data deleted.
Other rights for your customers will include the right to have their data corrected, and the right to object to their data being used on certain grounds.
How can I prepare for GDPR?
A lot of the changes that will likely come about as a result of GDPR will be centred around your IT systems. This includes your business processes for tasks such as how your clients’ passwords and files are stored.
For records such as these, you will need to be able to prove that the client has given consent for this data to be used. Similarly, with data such as their email address, for example, you will need to ensure they have given consent to receive communication from you in any form, such as a newsletter. The best way of doing this would be to show what they have opted into, as well as how and when they have done so.
That being said, GDPR will likely also have an effect on other processes such as project management, marketing, and networking. For example, for any new projects that involve your clients’ data, your business would benefit from conducting a Data Impact Assessment, which would allow you to determine any possible risks to the clients’ personal data and how these should be handled.
With any marketing you do, you should make sure it is compliant with GDPR, including opt-in and opt-out rules, email marketing best practices and tracking of online behaviour. This is especially important if you are using data from a third-party company, as you would still be responsible for making sure you have their consent information. If you are networking, you will no longer be able to simply add details from a business card to a mailing list, as this will not comply with the new regulations.
How does this affect my security protocols?
Security of personal data will be more important than ever. Under the new rules of the GDPR, you will be legally required to report any breaches of data within 72 hours; however, you should aim to do this within 24 hours.
This includes cases where data is lost or stolen, and if the breach is deemed serious enough by the Information Commissioner’s Office, you will also be legally required to inform the customers who are affected by the breach.
Where can I go if I have more questions?
It is important to familiarise yourself with the new regulations, because if you’re found to be in breach of them, the fines could be extremely detrimental to your business.
If you want to find out more about the GDPR, you can visit The Information Commissioner’s Office website, where they have published an extensive guide to support you and keep you compliant.