The Digiterati

GDPR: Do we really need to pay attention?

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. It contains some of the toughest privacy regulations in the world. And it’s likely to affect your business whether you like it or not. Its key theme – consent for marketing – puts the customer in charge of data (and the way you communicate with them) more than ever before.

Larger organisations inside the EU are already relatively aware of the legislation and this week even Facebook has made a privacy-related announcement on the back of it. It says that its own preparations for GDPR are supported by the largest cross-functional team in Facebook’s history.

One survey found that the average business is spending over a million pounds on GDPR alone. That gives you an indication of the amount of work required to ensure compliance.

My business isn’t in the EU so I can safely ignore GDPR

No. That would be incredibly short-sighted.

The fines for non-compliance are huge. The ICO said that these could be as high as “€20m (£17.2m) or 4 per cent of a company’s total worldwide annual turnover, whichever is higher”.

Regardless of their size, all organisations that handle data about EU nationals are affected, even if they are located outside the EU and EEA (European Economic Area). There’s a lot to do to prepare for the new regulation. And some of the opportunities for getting your house in order are only legal now. Wait until after 25 May and that email you send asking customers to confirm they want to continue to be on your mailing list may well be breaking the regulations.

My business is tiny so I can probably get away with ignoring GDPR

You can try. But we wouldn’t recommend it. Even one-person businesses are liable.

The UK is leaving Europe so we can forget all this legislation

That’s highly unlikely. The Queen’s Speech confirmed that GDPR regulations will be implemented into UK law. GDPR rules are going to be adopted into UK law regardless of what happens with the Brexit process. This is so that data can be transferred from the EU to the UK without interrupting international trade. Businesses operating in countries outside the EU (such as the US, Australia, New Zealand, South Africa and so on) will need to comply with GDPR rules for handling European data, and so will the UK.

Why is Facebook bothered about it?

There are some key instances in which Facebook may serve as the “data processor”, for instance when you use custom audiences, and in measurement and analytics. As such, Facebook has put in an extensive amount of work and published its own guidance on the topic.

We’re pretty good at permission marketing and use double opt-in. We’ll be fine.

You’ll find that even your existing double opt-in processes are unlikely to be enough to meet the stringent new rules. And there are a number of other policies, procedures and historical information you need to be getting in place before GDPR-Day. We’re still seeing masses of sign-up forms that are non-compliant. And if you are collecting data now using non-compliant forms you only have a few months to contact those users and put it right.

GDPR applies to data you already hold and many organisations face having to delete large swathes of their databases by 25 May if they are unable to prove how they originally obtained consent to use that data.

What can you do about it?

Help is at hand. Here at The Digiterati we have pulled together a 40-minute Masterclass on GDPR and what you need to do to comply.

As well as examples of how other companies are getting ready for the changes, we provide a checklist of what you need to do in the run up to 25 May.

Remember: if you are an organisation that holds data on any individual in the EU or EEA, you are affected by GDPR. And you have a considerable amount of work to do to ensure compliance. Many organisations are now emailing their entire database to gain that all-important GDPR consent. Don’t delay in getting up to speed, as you could face considerable fines.

You can buy the GDPR Masterclass as a one-off or, instead, look at our low-cost AAA (Access All Areas) membership, where you’ll get access to everything, not just GDPR info.
