GDPR: What to do to get ready

Published on 7th March 2018

The EU General Data Protection Regulation (GDPR) is said to be the most important change in data privacy regulation in 20 years.

The GDPR comes into force on 25 May 2018, and replaces the Data Protection Directive 95/46/EC. But research from 2017 shows that three-quarters of small and medium-sized enterprises have yet to even start preparing for this new regulation.

As suggested by David Thompson of Close Brothers, these findings indicate that there is a dangerous lack of preparation for the new GDPR regime. Indeed, these regulations may not be straightforward to comply with. Helen Dixon, Data Protection Commissioner in Ireland, states that:

“the obligations in the new EU GDPR will mean that all public, private and voluntary organisations of every size need to be familiar with the requirements around what information must be given to all individuals when their personal data is being collected, used and stored and with the rights individuals have in relation to controlling how their personal data is treated.”

This means that the GDPR will introduce obligations for data controllers and processors in several areas. Matt Hancock, minister of state for digital culture, points out that the GDPR will strengthen the rules for obtaining consent, to create stronger and more unified protections of EU citizens’ data. Accordingly, businesses of all sizes must comply with the new rules around consumer data.

Getting Everyone on Board for GDPR

Therefore, as mentioned in this article, we suggest that the number one priority now should be that business owners make sure that everyone is on board: it should be clarified when the new legislation is coming, and why.

Of course, as Hajra Rahim points out, some companies wish to keep this onboarding informal by sending out emails and scheduling team meetings, in an attempt to reinforce the message.

Raising awareness about the potential risks that GDPR brings (i.e., heavy fines and loss of reputation) can ultimately ensure that everyone accepts the change and complies, rather than showing signs of resistance and resorting to the status quo.

Luckily for us, there are also several websites out there that can help us prepare for this huge change. For instance, the Information Commissioner’s Office have published an easy step-by-step guide on how you can prepare for the GDPR. Additionally, they have also published checklists for data controllers and data processors.

GDPR & Digital Marketing

HubSpot provides us with extensive background information about the GDPR, and what it can potentially mean for the marketing industry.

For instance, as the GDPR was designed to ensure that customers are fully aware of how their personal data is treated and for what purpose it may be used, people will now need to give their consent (similar to informed consent when conducting research).

Also, people have the right to be informed about their right to withdraw this consent at any time. Other implications include the following:

  1. Data collection from users and customers becomes affected
  2. Email marketing requires validated consent
  3. Browser cookie policies should be respected
  4. Explicit consent needs to be granted beforehand
  5. Marketing databases will need to be cleansed and reviewed

If you are eager to learn more about the implications of the EU GDPR, a great article can be found here. Additionally, more information about potential consequences of non-compliance is provided here.