Easy Steps to GDPR Compliance


With the new General Data Protection Regulation (GDPR) looming, you may well be one of the many now frantically assessing business processes and systems to ensure you don't fall foul of the new Regulation when it is implemented in May 2018. Even if you have been spared working on a direct compliance project, any new initiative within your business is likely to include an element of GDPR compliance. And as the deadline moves ever closer, businesses will be looking to train their staff on the basics of the new regulation, especially those who have access to personal data.

The fundamentals of GDPR

So what is all the fuss about, and how is the new law so different from the Data Protection Directive that it replaces?

The first important distinction is one of scope. GDPR goes beyond safeguarding against the misuse of personal information such as email addresses and phone numbers. The Regulation applies to any type of personal data that could identify an EU citizen, including user names and IP addresses. Furthermore, there is no distinction between information held on an individual in a business or personal capacity - it is all classified as personal data identifying an individual and is consequently covered by the new Regulation.

Secondly, GDPR does away with the comfort of the "opt-out" currently enjoyed by many businesses. Instead, applying the strictest of interpretations, using the personal data of an EU citizen requires that consent be freely given, specific, informed and unambiguous. It requires a positive indication of agreement - it can't be inferred from silence, pre-ticked boxes or inactivity.

It's this scope, coupled with the strict interpretation, that has had marketing and business leaders alike in such a fluster. And rightly so. Not only will the business need to be compliant with the new law, it may, if challenged, be required to demonstrate this compliance. To make things even more difficult, the law will apply not just to data newly acquired after May 2018, but also to data already held. So if you have a database of contacts to whom you have freely marketed in the past without their express consent, even giving the individual an option to opt out, whether now or previously, won't cover it.

Consent needs to be gathered for the actions you intend to take. Obtaining consent just to USE the data, in any form, won't be sufficient. Any list of contacts you have or intend to buy from a third-party vendor could consequently become obsolete. Without consent from the individuals listed for your business to use their data for the action you had intended, you won't be able to make use of the data.

But it's not all as bad as it seems. At first glance, GDPR looks like it could choke business, particularly online media. But that is really not the intention. From a B2C viewpoint, there could be quite a mountain to climb, as in most instances businesses will be reliant on gathering consent. However, there are two other mechanisms by which use of the data can be legal, which in some instances will support B2C actions, and will almost certainly cover most areas of B2B activity.

"Contractual necessity" will remain a lawful basis for processing personal data under GDPR. This means that if the individual's data needs to be used to fulfil a contractual obligation with them, or to take steps at their request to enter into a contractual agreement, no further consent will be required. In layman's terms, then, using a person's contact details to create a contract and fulfil it is permissible.

There is also the route of the "legitimate interests" mechanism, which remains a lawful basis for processing personal data. The exception is where the interests of those using the data are overridden by the interests of the affected data subject. It's reasonable to assume that cold calling and emailing legitimate business prospects, identified via their job title and employer, will still be possible under GDPR.
