Who will be affected?
Does your company obtain, use or store personal data: anything from a name, e-mail address, photo, bank details, posts on social media, medical information or even an IP address?
Whether you have 1 employee or 100, the answer is yes – you may not even realise it. Therefore, every single company needs to start getting clued up on the General Data Protection Regulation (GDPR), which will replace the existing regulation (UK Data Protection Act 1998).
GDPR will dramatically change the data landscape. It is the most comprehensive privacy and data protection law to come into effect in the past 20 years and will have an enormous impact on all businesses. As of May 25th 2018, we all have to comply with GDPR.
If you think Britain exiting the EU means you don’t have to comply, then think again. The Information Commissioner’s Office (ICO) has already announced that Brexit will not affect the Regulation coming into force.
It will change the way we work
A great part of an SME’s time is spent obtaining and using personal data. Think of it this way: all of your client information, contacts, newsletters – they all constitute data. GDPR’s aim is to shake up the way we process all of it.
When obtaining data, we will have to make sure its source and processing are GDPR compliant – be it from a business card or acquiring data from mailing lists. When gathering data, every business will be required to explicitly state what it will be used for and in what way, in an understandable and cohesive manner (think plain English!).
In regards to storing and using data, changes will come to all communications. You will now be required to be able to show records of your clients’ consent to receive messages from you upon their request. You will also be required to simplify the process of opting out (unsubscribing) from all communications such as newsletters.
It doesn’t stop there! If a customer requests the ‘right to be forgotten’, which they are well within their rights to do, all their data has to be permanently removed from all databases, which includes back-ups and external servers.
There are steps we can take to prepare
The changes will be extensive; therefore, it is crucial to start preparing for GDPR as soon as possible:
- Review current data management processes now – what data do you have, where is it stored, who uses it and how, have you been given full consent? Consider if you can easily access and erase it should the need arise.
- Review existing communication and marketing strategies: do you have double opt-in for e-mail campaigns? Do you acquire data by means of pop-ups or pre-ticked forms? Can you prove you have full consent?
- Create a transparent privacy and security policy for your company, which sets out your approach to data in plain English, and can be easily accessed – make it stand out on your website and provide a link to that page in all of your communications.
- Utilise the tools which are already out there to help you – take the ICO’s data protection self-assessment and find out what you need to do to be fully compliant by May 2018.
- Educate your staff – GDPR compliance relies on avoiding human error. Make sure your staff are aware of the new regulation and trained in how to behave and run the business in compliance with it.
There is a lot at stake
There are two aspects to non-compliance with GDPR. The first is the massive fines the ICO will issue – legislation might state that as €20m or 4% of global annual turnover, whichever is greater, but don’t assume this rules you out if you are a small business. There will still be fines to pay, and we expect them to be considerable!
The second aspect is the loss of business to better-prepared competitors, when the unprepared companies have to deal with breaches, investigations or sanctions and reorganisation. Non-compliance also poses a risk of loss of customer trust and loyalty – which is the most precious thing any business can have!
We can all benefit from GDPR!
Showing customers your business is ready for GDPR will have a positive impact on customer trust and loyalty, and facilitate building genuine relationships. A recent CIM study revealed that 67% of consumers would be happy to provide more personal data if organisations were clear and transparent about how they plan to use it!
GDPR will affect companies of all shapes and sizes! In a world where all of the content is branded as “tailored”, only the ones who can truly prove they care about their audience will be able to put their money where their mouth is.
Do that by sending a clear message showcasing your company’s devotion to security standards and ethical data collection. Communication of that message and reaching the right audience will be key to your success!
If you have any questions or wish to discuss GDPR in more detail, please give us a call at 01484 637 980 or email firstname.lastname@example.org.