What is GDPR? – Staffordshire business advice
May 22, 2018
What is GDPR and how does it affect my business?
You have no doubt heard a lot of talk about GDPR – The General Data Protection Regulation – which comes into effect on May 25, 2018. The regulation exists to provide guidelines for keeping people’s personal data safe and to protect us from unsolicited, intrusive and downright annoying contact from organisations.
It will affect every business to some extent, as well as any third parties and suppliers. Data held about employees also falls under GDPR. It will also continue to apply when the UK leaves the EU.
What’s the point in it all?
The EU wanted to give people more control over how their personal data is used. The problem was, the current legislation was passed before the internet and cloud technology created new ways of exploiting data. As with many things nowadays, it comes down to a move towards an emerging digital economy. By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in digital.
The GDPR elaborates on the definitions of personal data and provides stricter timeframes for reporting issues to the ICO. While GDPR is already in existence, from May 25 businesses can be subject to potential fines for non-compliance – which could reach €20 million for some organisations, as they are based on a percentage of worldwide turnover!
On the plus side, it means that while marketing will become more challenging, people will only be sent information which they have given their permission to receive, and are therefore much more likely to make a purchase.
It’s worth noting that even if information is in the public domain, for example on a website or blog, you still need to meet the statutory grounds to send marketing information, which requires proof of consent.
What should you do?
By now, you should have carried out a data audit, to understand what data your company holds and whether the way it handles and stores that content is compliant. You need to check how you got consent to hold the data and keep a record of this.
Check your privacy policy is up to date, and regularly review it. Pop a link to your policy in the footer of your website, so people can see it easily.
Your customers, employees and other individuals trust you to carry out work or provide a quality service. They need to be able to trust you to look after their data too. Knowing they can is good for your business or organisation.
There’s a wide range of guidance and support available on the Information Commissioner’s website to help you prepare and ensure you are ready for GDPR from May 25. Your professional association or trade body will also be able to provide advice.
Visit https://ico.org.uk/for-organisations/making-data-protection-your-business/
You can also take an online course about GDPR with FutureLearn here: https://www.futurelearn.com/courses/general-data-protection-regulation?lr=10