If you’ve not heard of the acronym GDPR yet, then you’re most likely unaware of what it means for your business. On 25th May 2018, General Data Protection Regulation (GDPR) legislation comes into effect across the European Union, which will transform the way that personal data is processed and used by businesses and organisations, large and small, trading within Europe or targeting European citizens.
Improved Data Protection
As part of the new legislation and regardless of Brexit, the Data Protection Act (1998) will be replaced by the GDPR. The existing Data Protection Act does not reflect modern digitalised life and all the ways that our data and that of consumers is being used and sometimes abused by companies, groups and organisations across the world.
GDPR is also causing a stir for businesses worldwide that trade with people in Europe, or collect or control their data, as it affects what information they can collect, how they collect it and how long they keep it. Brexit is expected to have little effect on the GDPR: not only will it come in before the UK leaves the EU, but the UK will be adopting a similar framework for the protection of data.
GDPR covers not only personal information such as names, dates of birth, e-mail addresses and addresses, but also information such as location targeting, IP addresses, payment information and other identifiable consumer data.
Any organisation within or outside of the EU found to be non-compliant in May next year risks facing fines of up to 4% of annual turnover.
Until now, it has been relatively easy for hackers to access personal data held by companies. Small businesses, with their poor data protection processes, have been as much of a target as large organisations. A recent high-profile example of this is the communications company TalkTalk, where thousands of customers’ information was accessed by a 14-year-old boy. A security breach this serious at a company as big as TalkTalk shows the need for legislation like GDPR, especially for consumers.
The ICO (Information Commissioner’s Office), which is the UK’s GDPR representative within the EU for the distribution of information about the new legislation, suggests that GDPR will create a more trusting economic environment in the developing digitalisation of modern life.
A Matter of Consent
Consent plays a big part in the GDPR. This has a particular impact on communications, marketing and advertising companies whose approach has been to send out large-scale marketing campaigns to gain new leads and collect personal information for databases.
With GDPR, consent will have to be acquired before direct communication can be made; companies will have to encourage their audience to ‘opt-in’ to receive communications from them. Companies will also have to make it clear and easily understandable to their audience what information will be gathered, how it will be stored, what security measures will be in place to protect it and how long their data will be held for. Most importantly, consumers must be given the clear option to have their data deleted by the company at any time; an option to ‘opt-out.’
Any content management systems, i.e. websites that collect consumer data, whether they’re collecting financial data or not, will need to gain consent to hold information and to report any breach of their systems within 72 hours of becoming aware that a breach has taken place.
Staff Data, Not Just Customers
The GDPR will also cover the information that organisations hold on staff and volunteers for payroll reasons. Although it will not affect current legislation on record-holding timescales, i.e. how long records should be kept (3 years for payroll information), it will require organisations to have better systems, such as informing staff how their data will be used, how it will be stored and when it will be deleted.
Positives of GDPR
Despite the daunting task that GDPR compliance presents to businesses across the globe, there are positives that look to vastly improve the business and digital landscape:
- GDPR looks to make businesses more efficient and effective in how they attract revenue. Information from organisations will be sent out to people who have already given consent to be contacted directly, massively improving conversion rates from direct mail and advertising campaigns. This can only mean good things for sales.
- The process of becoming GDPR compliant looks to improve how many businesses operate, not only encouraging them to analyse how they currently use, store and manage data but also forcing them to improve security systems and day-to-day business processes.
- By promoting compliance, businesses will present a more reliable image to their customers, creating a more trusting relationship between business and customer, whatever trade or sector they fall in. Taking data protection seriously shows that businesses take their clients or customers seriously, giving them a competitive edge.
- The big software and social platforms are already starting to abide by GDPR, meaning that the internet will be a safer place for everyone.
GDPR offers businesses opportunities to build better marketing strategies, such as direct mail with better conversion rates. If you’d like more information on how to approach customers from a marketing point of view whilst remaining GDPR compliant, get in touch with us.
For more information and guidance in general, see the ICO’s website: www.ico.org.uk.
Disclaimer: This article is meant as a guide only and not intended as advice. For advice on GDPR, see the ICO’s website.