GDPR – are you compliant?
Article posted: 25th April 2018
It’s been a long time coming but precisely one month from now the General Data Protection Regulation (GDPR) finally comes into force.
Organisations will be obliged to clearly inform individuals about why they are collecting their personal data, how it is going to be used and with whom it is going to be shared. Customers and clients will be able to request details of who has access to their information, how it is being used and they can withdraw their consent over this at any time.
The key ‘ask’ of the regulation is that businesses invite their clients and customers to opt-in to receive marketing communications rather than sending them out just because they’ve previously bought a product, used a service or given their email address in exchange for access to a part of the website.
Confusing or ambiguous opt-ins are out under GDPR. Instead, organisations must clearly state what clients and customers are opting in to. Clearer statements such as ‘I opt in to receive your newsletter’ will become the norm, replacing the very ambiguous wording used by some in the past, such as ‘Tick here if you a) want to receive our newsletter b) don’t want to hear our latest offers c) are happy to hear from carefully selected third parties’.
Organisations processing information in different ways will need to be able to explain why and how they do this and what they do with the information once it has been processed – and quickly report back to an individual who asks what data they hold on them.
In the UK, it will become mandatory under GDPR for organisations to report data security breaches to the Information Commissioner’s Office – currently this is only ‘good practice’. Breaches of the regulation could result in fines of up to €10m or two per cent of a firm's global turnover, whichever is greater. Breaches with more serious consequences can attract fines of up to €20m or four per cent of a firm's global turnover, whichever is greater.
The Information Commissioner’s Office has produced a very user-friendly publication called Preparing for the General Data Protection Regulation – 12 steps to take now, which is an essential read for anyone still uncertain of their GDPR obligations.
If you’re fully up to speed, then it’s worth checking how ready you are by taking the ICO’s short but insightful Data protection self-assessment. It will grade your compliance and offer useful next steps for best practice.
Some action needed
Finally, if you haven’t already responded to our opt-in request, then please click here to ensure you continue to hear from us. We can’t assume that you still want to remain on our mailing lists for client alerts, newsletters or events.