As the deadline for GDPR approaches, what do we need to know and what action should we be taking?
What is GDPR?
GDPR stands for the General Data Protection Regulation, which comes into force in the UK on 25th May 2018. Currently, the UK relies on the Data Protection Act 1998, but this will be superseded by the new legislation. The GDPR introduces tougher fines for non-compliance and breaches and gives people more say over what companies can do with their data.
Who does GDPR apply to?
GDPR applies to ‘controllers’ and ‘processors’: essentially any UK business that controls or processes personal data. The controller says how and why personal data is processed, and the processor acts on the controller’s behalf. Controllers must ensure personal data is processed lawfully, transparently and for a specific purpose. Once that purpose is fulfilled and the data is no longer required, it should be deleted.
How do I get consent under the GDPR?
Consent must be an active, affirmative action by the data subject, rather than the passive acceptance under some current models that allow for pre-ticked boxes or opt-outs.
Controllers must keep a record of how and when an individual gave consent and that individual may withdraw their consent whenever they want. If your current model for obtaining consent doesn't meet these new rules, you will have to bring it up to scratch or stop collecting data under that model when the GDPR applies in 2018.
Are there any upsides to the new regulations?
The marketing community are viewing the new regulations as more of an opportunity to show transparency and to build honest and trusted connections with customers. By improving data quality they see an opportunity for more effective consumer engagement and conversion.
What action do we need to take?
Companies will need to review the data they collect and how they gather consent to use it. Larger companies may need to hire a data protection officer to ensure regulations are being met. In smaller companies, cross-organisational teams are being formed to understand the new regulations and the changes they need to make to comply.
The ICO recommends taking 12 steps now. For further information, see https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
Jola provides voice and data services to IT and Telecommunications companies for UK SMEs. For further information about Jola…