First things first: it comes into force on 25th May 2018, so if you don’t know anything about it just yet, or are still wading through all of the webinars, whitepapers and conferences dedicated to it, you’ve still got time. We urge you to read on to find out a little bit more!
GDPR, the General Data Protection Regulation, is the buzzword of the moment, particularly amongst business owners and marketers. It’s in our email inboxes, it’s the main topic of conversation at conferences and it’s even at football matches! (see below)
Yet, talking about GDPR is often met with looks of confusion or despondency. Those that are at a loss as to what it is and what it means for them are certainly not alone!
What is GDPR in 30 seconds?
GDPR is a new regulation from the European Commission to enhance data protection, with the main purpose of giving control back to the data subject, i.e. you and me! Its purpose is to revise and refresh the ways that data is used and stored, and it gives the end user the right to specifically opt in or out of any communication that they receive or ways in which their data is used.
But wait: “giving back control” implies that you might have lost it in the first place, so how will you know? Well, what have you ever signed up to? Think of online accounts that you’ve created, social media profiles, blogs or email subscriptions; the list goes on.
If you have entered your email address into one place and then a second, unrelated, company sends you an irrelevant email, the chances are that the first company has sold on your data. And it might not stop there! The GDPR, quite simply, is looking to stop this from happening, and to give the end user, whether that’s you, your customer or your next door neighbour, the ability and control to know what data is being collected by a company and the access to know exactly what it will be used for.
Core GDPR Guidelines:
For those of you pondering whether you house people’s data, the core of GDPR states that data must be treated with the following six principles:
- Data must be transparently, fairly and lawfully processed (so you know what you’re getting and why)
- It must be processed for specific purposes (there’s a reason why data is being stored or used)
- Data usage must be adequate, relevant and not excessive for the purpose for which it is being processed
- Any data records kept must be accurate
- Data must not be kept longer than necessary for the purpose for which it is being processed
- All data must be kept secure, and any breaches of security reported
What levels of data does GDPR impact?
Just as existing data protection laws don’t just cover our name and email address, GDPR will look after anything that could be deemed personally identifiable information. This could mean anything from your business card to a profile picture.
It’s also important that you consider where and how this data is stored. So if you hold data on others, then it’s advisable to start putting in place a GDPR compliant policy.
Will GDPR still matter after Brexit?
In short, yes. We’d be fools to think that it, or something very similar to it, won’t be around for the foreseeable future. Whilst we don’t know exactly what the UK laws will be, we do know that there will be a GDPR regulation of sorts, most likely mirroring what the EU Commission says. It’s fair to assume that any changes or processes put in place now will be continued even after Brexit.
It’s also important to remember that if you do business with anyone within another EU country, then you will still need to abide by the GDPR rules and regulations, whatever the final agreement.
What will happen if you don’t do anything?
Fancy yourself as a risk taker? Well, there is the threat of fines and penalties based on company turnover. However, it is important to consider that the GDPR’s aim is to make things better, more secure and safer for everyone, and so it is in the regulator’s interest for everyone to be making an effort to do something about it. The best advice, therefore, is to start thinking right away about how this affects you, and then seek advice on how to ensure that you can demonstrate your compliance.
And what if you still don’t do anything about it after the May deadline?
It’s probably fair to say that companies and customers across Europe are talking more and becoming more aware of GDPR. Rather than asking what might happen if you don’t do anything, you should really be considering how your target audience will feel if you are the only one in your industry not doing anything about it. Before you ask, yes, we are doing everything that we can to ensure that we are compliant ahead of GDPR day. It’s been quite exciting!
GDPR isn’t something to be sniffed at. It’s coming, and it’s here to stay. In the meantime, let’s have some great fun with all of that data!