The GDPR is only a few months away, and if you haven’t begun questioning your organisation’s data handling methods, it’s time to begin. If you’re unsure of what the GDPR is, see our recent blog post about it here.
The GDPR isn’t far away, and a number of organisations need to ask themselves serious questions about their data and their customer acquisition strategies. The questions below are a good place to start.
1. When is the GDPR Coming Into Effect?
The GDPR has already been approved and will move into legislation in May 2018. This means that after this date your organisation can (and more than likely will) be fined for not following the new rules.
2. Whom does the GDPR Affect?
The GDPR applies to organisations within the EU, and to organisations outside the EU if they offer products or services within EU borders. It applies to all companies processing and holding the personal data of ‘data subjects’ residing within the EU.
3. What is Personal Data?
Personal data is any information related to a natural person, also referred to as a ‘data subject’, that can be used to directly or indirectly identify that person. It includes names, photos, email addresses, bank details, social network posts, medical information and IP addresses.
4. What type of consent do you have?
Ensuring you have the right consent from your ‘data subjects’ is a key change within the GDPR. From May 2018, organisations must have unambiguous consent from their ‘data subjects’. This is key if you send marketing or sales material, which will to a great extent be outlawed without unambiguous consent.
5. Do I Need a Data Protection Officer?
A Data Protection Officer or ‘DPO’ MUST be appointed if you are in public office. The likelihood that SMEs will need to appoint a DPO is high. If your organisation handles/manages more than 5,000 personal data records per year, you will need to appoint a DPO.
6. What are the Penalties?
Companies can be fined up to 4% of annual global turnover or a total of 20 million euros.
7. Are there any circumstances in which the GDPR doesn’t apply?
There are circumstances in which the GDPR does not apply. These are only extreme cases, such as protecting national security, criminal investigations and public health matters.
8. How Can I Minimise Risk and Protect My Business?
Manage how you collect data and ensure you have ‘unambiguous’ consent from the data subjects in your database. Make sure the email marketing and marketing automation platforms you are using are either EU based or following the GDPR tightly; otherwise you will pay the non-compliance fine.