Is your business ready for the General Data Protection Regulation (GDPR)?

GDPR will become legislation on 25th May 2018 and provides a means to protect the individual data of citizens within the European Union (EU).

To simplify the impact that this will have on your business and to ensure you and your business remain compliant, there are some simple key facts which are already known. Yet this legislation is still a work in progress, and neither the UK nor European governments have finalised how this new legislation will be implemented or policed.

Although the GDPR legislation will not affect European police forces or other judicial services (courts etc.), there is a fear that this legislation will create chaos for European medical services, European banks and financial sectors, and European utility companies, due to the amount of confidential, personal data they hold and pass around their organisation and on to third parties. This area is just one forming the current grey mass and, as you can imagine, needs much planning and safeguarding and, more importantly, obtaining consent to use the data and for how it is used, as required under this legislation.

This has then led on to amendments to how data is shared between the EU and the USA. In 2016 an EU-US Privacy Shield was approved, forming protection and an audit trail of how the personal data of an EU citizen is used by US bodies and businesses.

This has caused controversy: how exactly can this be managed and monitored correctly in accordance with the GDPR legislation? In fact, how the GDPR legislation will be governed as a general rule is something all are waiting on the European Union and the European Commission to confirm!

So whilst MEPs mull over exactly how everything will function, there are currently several businesses taking prime advantage of this area of the unknown, charging several thousands of pounds to assist you and your business to ensure that the way you store, collect and use data is within the required remit of compliance. As mentioned, a grey mass remains, therefore nobody can at this point in time ensure your business will comply. It is thought that the full legislative requirements will not be known until January 2018, leaving four to five months to have everything compliant and in place.

Charitable organisations FPS:

As of 6th July 2017 the UK Fundraising Regulators will implement new rulings regarding how charities collect and use the data they hold and share. This ruling forms the new Fundraising Preference Service (FPS).

Charities will not be able to communicate with their audience freely, and all charities must have a means to offer all donors (dormant, active and potential) a full opt-out service as an online function or a telecommunication function. The opt-out options must hold different fields: telephone call, SMS, email, direct mail and consent to share individual data.

The penalty for non-compliance has been capped at £25,000. This ruling was made after 11 major UK charities, including Cancer Research UK, NSPCC etc., were fined a combined £138,000 earlier in 2017 for breaching the current Data Protection Act.

Some charities have the mind-set that they are being used as a prototype (guinea pig) for the coming GDPR and, as the FPS forms part of local law, it will be finally governed under the GDPR in May 2018.


Key known points:

A business using individual data (this doesn’t include business-to-business data) must have a full procedure manual and a recorded log of ongoing assessments. Larger businesses will also need to appoint a ‘Compliance Officer’.

Obtain consent from your employees for the use of their personal data and consent on how and when you are able to use their data.

Ensure you gain consent from your individual client base, and consent on how you can communicate with them by using their data.

Have a means of allowing any individual to opt out from the use of their data in a specific way, and record your action of deleting their data from your records so that their data is not used again for the purpose they’ve opted out of.

As of 25th May 2018 all historical data held must have already had consent obtained; otherwise it is to be treated as new data and the request for consent made.

Severe financial penalties will be imposed on businesses that fail to comply, capped at 20 million euros.


Moving forward:

It is recommended that businesses who do mass marketing using personal data, either for electronic marketing or direct mailings, partner with a reputable company that specialises in the use of data. Printwell UK are a member of the Direct Marketing Association (DMA) and conduct client mailings both electronically and by conventional print and post.

Therefore we are happy to assist you with any questions posed, and to offer guidance on your marketing requirements when the use of individual data is at their base. As a business, it remains in our interest to keep a firm finger on the pulse of this legislation and the different acts and recitals within it, both now and when the pending new clauses and requirements are being considered and legally enforced.

So why not make contact today? Call 020 8687 9234.