GDPR (General Data Protection Regulation) has been widely reported recently, but our experience indicates that a significant proportion of businesses are currently unaware of the changes, or do not have a plan in place for compliance.
With the deadline fast approaching, we'll be running a series of exclusive insight pieces to help keep you informed of the changes, as well as offering tips and advice on how to adapt both your website and digital strategy to help you comply.
What you need to know
To kick things off, we’ve pulled together a few key FAQs to cover the essential basics relating to the GDPR changes.
What is GDPR?
GDPR stands for General Data Protection Regulation and is intended to strengthen and unify data protection for all individuals within the European Union (EU). The key objective is to give citizens and residents back control over their personal data.
When does it come into effect?
The new rules require full compliance by 25th May 2018; however, it's important that procedures are put in place now in order to future-proof your data.
Will it affect me?
The answer in short: most likely, yes.
GDPR applies to all organisations that hold, process and store personal data of EU citizens, regardless of the organisation’s location. This means that all businesses (from sole traders working from home to giant multinational corporations) are likely to be affected.
What are the main business implications?
In summary, GDPR means that all businesses will need to obtain (and be able to prove) prior, explicit and unambiguous consent from a contact before they can receive marketing communications.
Transparency and provability are the goal. Future systems will need to have privacy built in by design.
Is my existing data safe?
Unfortunately not. From May 2018 onwards all companies will need to prove GDPR compliance for both new and existing datasets. This means that you will be breaking the law (and thus liable to fines) if you send marketing campaigns to anyone without prior consent (even if they have received them previously). It’s therefore worth investing some time now to both ensure full compliance and prevent existing data from being lost.
What if I don't comply?
Be aware, the fines are significant - 20 million euros or 4% of the company’s global annual turnover (whichever is higher).
Can I buy compliance?
No. Compliance is not going to be quick and easy, so be wary of any organisation that claims it can do everything for you, as there's no one-size-fits-all solution. Instead, a careful review of processes and procedures needs to be completed, in addition to decisions as to how to proceed with gaining permission.
What should I do next?
There are a number of things which you can do now in order to limit the potential impact of GDPR.
Our next insights article will cover our key recommendations, as well as providing a step-by-step guide to obtaining consent. To make sure you receive it, please sign up to our newsletter using the form below.