How Shall I Prepare For GDPR?
3 years ago
It’s been all over the press of late, but exactly what is GDPR? When does it come into effect and, as a small business, what must I do to comply with data protection regulation? This blog aims to answer each of these questions and give you a clearer understanding of the new data protection law and the steps you must take to protect yourself and your business from prosecution.
The General Data Protection Regulation (GDPR) is a new regulation being introduced on the 25th May 2018 to protect digital privacy. The regulation will combine many current privacy laws across the EU into one central set of regulations.
All companies, large or small, will need to amend their digital products and websites so that they include new privacy settings. Companies will also need to be mindful of the way they collect data and seek permission to use this data. Failure to comply with these new regulations will result in penalties. Substantial fines may well be slapped on businesses and this, particularly for a small business, could be catastrophic.
Some will already be aware and taking steps to comply with the current Data Protection Act, but for others, the changes to the Data Protection Act will have flagged up a need to get in the know. We’ve summarised the essential GDPR points that all businesses must consider before May 2018.
- Make sure all people in your organisation are aware that the law is changing to the GDPR. Communicate the impact that noncompliance may have.
- Make a detailed record of the personal data you hold, where and from whom it came, and who you share it with. A thorough information audit may be worthwhile.
- Schedule time to look over and amend your privacy statements, clauses and procedures. Plan time to design and put into place new procedures for sharing data with other organisations and deleting personal data. Make sure you manage your email opt-ins correctly; don’t assume your customers want to be contacted. You must make sure your users can easily access their data and remove consent for its use.
- Look at your current marketing material including your eshots, mailers, letters, brochures or catalogues. You need to explicitly ask permission to send someone email marketing and you must make it easy for them to opt-out of receiving future marketing.
- Look over how you seek, record and manage personal data. Amend contracts if they no longer meet the GDPR standard.
- Consider putting into place systems to verify age. Obtaining parental or guardian consent to process data may be required in some circumstances.
- How would you detect, report and investigate a personal data breach? Seek specialist advice and put into place suitable measures.
It is essential you begin thinking about GDPR now and identify which parts of the GDPR will have the greatest impact on your business. You can then successfully begin planning how to implement changes so that you remain compliant.
For help with compliant digital and email marketing, please call Christina on 07719 430267 or email firstname.lastname@example.org.