The best ways to go about GDPR

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, and with it come some big implications for businesses that hold any personal data on their customers, including IP addresses, names, home and email addresses, posts on social networking sites, cookies, images, bank details or medical information.

GDPR was brought in to replace the Data Protection Directive 95/46/EC and, according to its official website, is designed to ‘harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.’

The new regulations come with some key changes businesses need to implement before 25 May to avoid being hit by fines of up to 4% of annual global turnover, or €20 million (whichever is greater).

With this in mind, it will pay to ensure your business is compliant, and a good place to start is to ask yourself the following questions:

  • What do you store?
Think about the kind of information you hold that could be used to identify an individual, and be careful, as the list is often longer than you might initially think…

  • Do you make it clear how data will be used?
Consent to contacting people via their data is no longer a given. For any data your business holds, you need to make it clear what purpose the data will serve and obtain immediate permission. This is particularly important in the case of B2C companies, where customers’ information won’t be generally available.

  • What is your storage plan?
In addition to regulating how data is collected, GDPR also monitors the way that companies store data at all times: when you are using it, when it is in storage (i.e. not in use) and when it is being shared or moved.

  • Can your business ‘forget’ people?
Another big implication of GDPR is the ‘right to be forgotten’. This means individuals can request that their data be completely erased, meaning that, instead of a simple unlike and unsubscribe option with a tick next to a name, people will now have the right to be removed from databases altogether.

Preparing for GDPR is a huge undertaking and will have an impact on almost every customer-focused business.

Whilst these questions are a good starting point, if you need help to ensure your policies are robust, get in touch with our digital experts.


Posted by Sam Leaver
on April 18, 2018