GDPR is short for General Data Protection Regulation. As of 25th May 2018 it is a data protection regulation that ALL businesses need to comply with or face financial penalties for any potential breach.
Many business owners will think that these regulations do not apply to them. If this is you, then you are wrong. GDPR regulations apply to ‘Controllers’ and ‘Processors’ of personal data; a controller is the one who says how and why personal data is used, and the processor is the one who acts on the controller’s behalf and ‘processes’ the data.
As a Marketing and Finance business, ABL Business are both controllers and processors of personal data, and because of this we have been extra careful when it comes to understanding the intricacies of the legislation, whilst trying to simplify it at the same time. Here we share some of the things we have learned that can help you navigate the next 9 months and ensure you and your business are fully aware of the need for GDPR compliance when the 25th May 2018 comes around.
Here are some practical steps you can take to get you started on your GDPR Journey…
First things first: the Data Protection Act states that any individual or organisation that processes personal data should be registered with the Information Commissioner’s Office (ICO) unless they are exempt; you can take a test here to find out if you should be registered.
Next, you need to understand the legislation terms and how they relate to you and your business:
- What constitutes ‘personal data’? – Definition under the GDPR: any information relating to an identified or identifiable natural person. This relates to a series of ‘personal identifiers’ including name, IP addresses that can identify people online and location data such as cookies.
- Know where you stand as a ‘Controller’ and/or ‘Processor’ of data and ensure that you are aware of the level of responsibility you have and your obligations from May 2018. Here is some light bedtime reading from the ICO.
Finally, how can you start to prepare for changes in Data Protection legislation before GDPR comes into effect next year?
- Start with your marketing database and where personal data is stored (this includes email marketing lists on spreadsheets, CRM systems and email software such as Mailchimp). To avoid confusion in the future you should have ONE master database instead of lots of little individual data stores. The reason for this is that when you are asked to ‘remove’ an individual from your lists you need to remove ALL data stored relating to that individual and NOT just opt them out of receiving marketing emails! We use Zoho; it’s fab!
- If you currently have a marketing data list, do you have an audit trail of individuals that have ‘Opted In’ to receive your marketing emails? If not, create one. Send an email to all people that you have on your database and ask them to re-sign up to continue to receive information about your business and services. PLEASE NOTE: DO NOT SEND THESE EMAILS TO CONTACTS THAT HAVE ALREADY OPTED OUT OR UNSUBSCRIBED. This is not cool; as Honda and FlyBe recently found out.
- Simple, but effective: if you have a sign-up form on your website, make sure that people who sign up have been asked the question, Tick here to ‘Opt in’ to receive marketing emails? Let’s not assume anything; it makes an ‘Ass of U and Me’.
Here at ABL Business we are ICO registered, our number is ZA030502, but we are not experts in data protection. The information provided above is to be used as a guide only and to provide helpful information on the subjects discussed.
The information provided is not intended to be used instead of legal advice. While best efforts have been used in preparing this book, the author and publisher make no representations or warranties of any kind and assume no liabilities of any kind with respect to the accuracy or completeness of the contents. Neither the author nor the publisher shall be held liable or responsible to any person or entity with respect to any loss or incidental or consequential damages caused, or alleged to have been caused, directly or indirectly, by the information or programs contained herein.