GDPR is coming, but what steps do you need to take to ensure compliance with the new rules?
The General Data Protection Regulation (GDPR) will be implemented in the United Kingdom by the 25th May 2018. The aim of GDPR is to improve privacy protection for consumers by changing the way businesses are allowed to gather, use, store and transfer their customers’ data. While this is an EU regulation, UK companies should still prepare to implement it, despite the UK’s withdrawal from the European Union. The government has confirmed that these laws will be woven into their own bill, replacing the existing Data Protection Directive. More on Brexit and GDPR can be found here.
Compliance With New Rules
Companies in Europe, the UK and countries which trade with EU member states will need to change the way they manage their customers’ data, or risk hefty fines. As pointed out by the BBC:
“In the UK firms that suffer a serious data breach could be fined up to £17m or 4% of global turnover. The current maximum fine firms can suffer for breaking data protection laws is £500,000. The UK’s Information Commissioner will have its powers strengthened and extended to help it police the new regime”.
In GDPR terms, “personal data” means any information that could identify a person directly or indirectly (including names, birth dates, phone numbers and addresses). Companies must tell their customers how long their data will be stored for and give the individual the option to delete the data under certain conditions. But practically, what changes should your organisation be making in preparation?
Think about changing your internal data policies as soon as possible to be compliant with GDPR standards. This means auditing data processes, putting in place communication processes for customers, preparing simple ways for customers to request data removal, and rewriting privacy notices to be concise, easily readable and accessible. You should also analyse how secure your storage methods are and how easily they can be breached.
Ant Marketing and GDPR
Preparations are underway at Ant Marketing and our Compliance Officer, Holly Fordham, has previously explained how GDPR will affect us and our clients:
“Data management and the DPA already play a huge part in the way we operate as a business and remaining compliant is obviously my number one priority. We are therefore looking ahead to GDPR now with the view to streamline our data collection and retention policy. New access permissions and secure data platforms will be implemented in the near future in line with GDPR regulations and mandatory fields will form the framework for minimising unrequired data. Ant Marketing believes in continual improvement in all aspects of the business and data is not to be excluded. So whilst our data policy is already tightly and continually managed, GDPR will alter the processes we follow”.