The GDPR is deathly boring to read about but it is important to your business if you deal with/record/process customer information in any way – online or offline. You need to take notice.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new EU regulation aimed at helping to strengthen data protection for EU citizens and residents, both within the EU and in the wider world. The GDPR will apply in the UK from 25th May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
What does it do?
At the simplest level, the GDPR tells businesses and organisations that if they want to offer their services or products to customers who are EU citizens, they need to ensure they look after those customers' personal data (or else!).
How is my business affected?
If you collect and process the personal data of your customers in any way, then it is likely you will need to comply with the new regulations. From a digital perspective this might include information in emails, website contact forms, website analytics, databases, email marketing systems, customer relationship management systems (CRMs), etc.
What is the impact on my business?
This will vary, but the first step is to carry out a full personal data audit. This should identify every area where customer data is recorded, processed and stored. It should also include any third-party systems, such as MailChimp.
The GDPR builds on existing data protection legislation and confers a number of rights on customers and responsibilities on businesses:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights related to automated decision making and profiling
It is beyond the scope of this article to list all eventualities, but it is likely that you will need to put in place new policies and procedures to ensure compliance.
How do I find out more?
A good place to start is the Information Commissioner’s Office website – https://ico.org.uk
If you would like help in reviewing your future compliance with the GDPR, you can also contact us and we will be pleased to help: firstname.lastname@example.org or 01803 722446