GDPR. Heard of it? Perhaps – it’s one of those terms being talked about a lot at the moment, but you might not know what it is, whether it’s something you need to know about, or whether you need to do something about it.
In this instance, you do. So listen up, we’ll give you the lowdown. What it is, why you need to know about it, and what it means for your business.
It stands for General Data Protection Regulation. Yeah, we know, no clearer.
Essentially, it’s a new piece of European legislation that replaces the 1995 Data Protection Directive (and, in the UK, the Data Protection Act 1998 which implemented it) – the biggest change to data protection rules in over twenty years, brought in primarily because of the vast increase in digital information that now exists and is shared, used, copied and stored.
It applies from 25 May 2018, and will have a pretty significant impact on your business. In a nutshell, it’s all about how you, as a business, hold and use the personal data you have about your customers (and, for that matter, your staff, your suppliers and anyone else who can be identified from it).
It’s designed to protect personal data – your customers will have a right to know how their data is being used by you, and you have to ensure you are protecting it properly. Fail to abide by the new rules and you could find yourself falling foul of the law, and being heavily financially penalised as a result.
Although we do have existing data protection laws, the GDPR goes further, both in what counts as personal data and when it comes to consent. Personal data is anything from which a living person can be identified, directly or indirectly, so pseudonymised records, online identifiers such as IP addresses and cookie IDs, and location data all count, not just the obvious names and addresses. Consent is only one of the lawful bases for using someone’s details (performing a contract with them, or a legitimate interest of your business, are others), but where you rely on it, it has to be a clear, affirmative opt-in, freely given for a specific purpose, and as easy to withdraw as it was to give – pre-ticked boxes and silence don’t count. Whatever basis you rely on, you have an obligation to be completely transparent about how those details are going to be used and stored. If a consumer wants access to the information you hold about them, the company is obliged to provide it.
And the fines system is new too. And it’s pretty hefty. There are two tiers. For breaches of obligations such as record-keeping, security and breach notification, the maximum is 10m euros or 2% of global annual turnover, whichever is greater. For the more serious breaches (the core principles, individuals’ rights, consent and international transfers) it’s 20m euros or 4% of global annual turnover, whichever is greater. Which could break the bank for most businesses. So it’s important to take action now to ensure that you are completely up to speed on what your obligations are.
So what will you need to do? Now, we don’t claim to be data protection experts, and it’s wise to get in touch with someone who can check that you are completely compliant – we actually have a speaker on GDPR at our next event, and you can book on here. But you’re probably going to have to put things into place like data protection policies, and privacy notices you can give to customers to let them know how their data will be used. There is also an obligation to report personal data breaches to the regulator, which in the UK will be the Information Commissioner’s Office (ICO): you have 72 hours from becoming aware of a breach to report it, unless it is unlikely to pose a risk to the people affected, and where the risk to them is high you have to tell those people too. The ICO will be judge, jury and executioner when it comes to determining whether you did all you reasonably could to prevent the breach, and doling out any punishment.
You may need to appoint a specific data protection officer. This isn’t really about company size, but about the type of business you have and the data you hold: if your core activities involve regular and systematic monitoring of people on a large scale, or large-scale use of particularly sensitive information (health, ethnicity, religion, criminal records and the like), or you are a public authority, then you must have a dedicated person who looks after this side of your business. Either way, you will need to keep a clear record of exactly what data you hold, why you hold it, how long it’s stored for, who it is shared with, when and how it is used, and what security measures you have in place to keep it safe.
Essentially, consumers will play more of an active role. There’s to be a clear opt-in, and the fee for getting access to the data a company holds about them is scrapped (unless the request is manifestly unfounded or excessive). Companies are obliged to provide this within a month of the request being made, extendable by a further two months for complex requests as long as you tell the person why. Consumers will also have stronger rights to have the personal data about them erased if they so desire, along with rights to have it corrected, to take it with them to another provider, and to object to it being used for direct marketing.
So you can see that it’s a biggie. And it’s coming soon. To get you started, the Information Commissioner’s Office has produced a guide for businesses, and you can download it here.
But if you are unsure, then please do seek professional advice. We certainly will!