GDPR - 10 things you should (already) know

  1. The General Data Protection Regulation (GDPR) will come into effect on the 25th May 2018.

  2. No matter how big or small your business, if you handle data, including that of your employees, it applies to you.

  3. Not complying with the new regulation could result in a penalty of up to 10 million euros or 2% of your global annual turnover - whichever is greater.

  4. Do you know what is classified as 'personal data' under GDPR, what personal data you hold and where you hold it within your organisation? You should carry out a data audit to map where your data is and who holds it (think about 3rd party data processors). IP addresses, social media handles and bank details are all examples of personal data: anything that can be used to identify someone.

  5. Pre-ticked opt-in boxes will no longer comply. You must also make it easy for subscribers to unsubscribe at any point.

  6. Consumers will have the right to be forgotten - meaning all data must be completely erased. If you are a data controller, it is your responsibility to tell all 3rd party data processors.

  7. Yes, Brexit (sorry, I had to mention it) is on the horizon, but don't think you can get away with ignoring GDPR on that basis. With 2 years to go until we part ways with the EU, it will still apply.

  8. Valid consent - you must be able to prove valid GDPR-compliant consent (clear and affirmative) for all personal data already held within your database and all future data captured.

  9. It applies to ANY data you hold for ANY EU nationals, no matter how much or little.

  10. GDPR is not all doom and gloom for your business! There has been a lot of negativity surrounding GDPR from a business perspective, but there are positives to be seen.

    1. Gain valuable insight about your customers you didn't know before through data organisation.

    2. Better quality data - it's all well and good boasting a database of 100k but how good is it if only 10% engage?

    3. Brand reputation - being clear and transparent with your audience, and assuring them that your data is safe, is potentially a source of differentiation from your competition.

This isn't a definitive list when it comes to GDPR and we would highly recommend you read through the guides and articles over on the ICO's website.

If you're concerned about GDPR and need help, or just have a few questions, drop us a message and we'd be happy to chat!

The content of this blog is for general information only; it does not constitute legal advice. 
