GDPR’s here, what now?

In the lead up to May 25, you couldn’t open your inbox without being asked to read an updated privacy policy or give permission for companies to contact you once the General Data Protection Regulation (GDPR) had kicked in.

GDPR came into force on May 25 and the build up to its introduction generated a flurry of activity among businesses, all wanting to make sure they’re compliant with the new legislation.

Widely reported as being the most important change in data privacy regulation in 20 years, GDPR is aimed at putting individuals’ privacy first and has replaced the existing Data Protection Regulation 95/46/EC.

Surprisingly, despite the widespread global speculation and debate about GDPR in the lead-up to its introduction, it would appear that now it's here, very little is being said about it. And, now that the influx of GDPR-related emails has died down, you could be forgiven for forgetting that it's even in place.

But it is. So, what does this mean for businesses?

Well, if you haven't already done so, it's important that you're fully up to speed with GDPR and what you need to do in order to maintain compliance. Failure to do so can result in companies being significantly penalised. They can receive a standard penalty of €10m or 2% of their annual global turnover, rising to a maximum of €20m or 4% of their annual global turnover, in each case whichever is greater.

At the very least, you should have invited the contacts in your database to opt in to your future communications, updated your privacy policy and made sure that any personal data you do store is being kept securely, which is particularly pertinent following the recent Cambridge Analytica-Facebook data scandal. Consumers now have the right to access and remove any data you may hold about them, so it's important you have the appropriate systems and processes in place to be able to handle these requests effectively too.

GDPR stipulates that personal data must be used fairly, legally and transparently. It must also be collected for specific purposes, and used only for those specified purposes. All data must be deleted when it's no longer being used for its initial, intended purpose. Your existing CRM or other systems may be able to help you fulfil these documentation and compliance requirements, or it may be that you need to invest in an alternative to ensure you prioritise customer needs, treat online data respectfully, and manage customer information effectively.

Complying with GDPR can be daunting for businesses, especially smaller companies, given that there has been widespread confusion regarding the specifics of the new rules and what the requirements actually mean on a practical level. But that doesn't mean it should be ignored.

The Supervisory Authorities enforcing the new regulations recognise there may be a bit of a learning curve involved, particularly for SMEs. The important thing is to take action straight away and show that your business is striving to understand its personal data, data usage and accountability requirements sooner, rather than later.

For more information about GDPR, check out our blog, ‘The GDPR countdown is on: The essential Q&A for businesses.’
