GDPR and your business

In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), is due to take effect.

The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.

We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently complying with the GDPR.

The impact of the GDPR is straightforward. It's all about putting individuals' rights and freedoms at the centre of data protection. That translates into something simple: on the one hand, increased privacy rights and protections for individuals; on the other, strengthened obligations of businesses towards them.

Key changes under GDPR

Personal privacy

Individuals have the right to:
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of personal data
- Export personal data

Controls & notifications

Organizations will need to:
- Protect personal data using appropriate security
- Notify authorities of personal data breaches
- Obtain appropriate consents for processing data
- Keep records detailing data processing

Transparent policies

Organizations are required to be transparent about how they collect and process personal data.

IT and training

Organizations will need to:
- Train privacy personnel and employees
- Audit and update data policies
- Employ a Data Protection Officer (if required)
- Create and manage compliant vendor contracts

Our products & services can help you with your GDPR compliance

GDPR is likely to mean changes to how you may collect and process data. Many of our products already contain tools for managing your GDPR obligations. Websites that collect client data (even through simple contact forms) must also comply with GDPR.

FAQ

The GDPR isn't complicated or technically demanding. There's simply no excuse for failing to meet it, especially as regulators have ramped up sanctions for non-compliance. Please see our FAQ below.

  • Why do you need client data?

    For most companies, the reason is obvious: you need the data to do business. You need your customers' details so you can contact them about a job you're doing, to keep them updated on progress, and to let them know when it's finished. GDPR would classify these as 'the performance of a contract' and 'compliance with a legal obligation'. Why is this important? Because it means you don't need consent.

  • Do you have permission?

    The GDPR demands that it must be simple and easy for individuals to manage their data themselves. Asking for changes in writing and applying charges, or anything else that hinders them, is gone. Everything must now be in their hands.
    Individuals must be able to initiate and take responsibility for maintaining their data. They must be able to request its deletion.

    If you've ever changed a delivery address or method of payment on Amazon you'll have seen how. It's through a dashboard accessible through your account: web pages that set out all the data held on you, including consents and permissions for specific uses. Add the means to edit and delete data and you're there, and you've saved yourself all the distractions of managing customers' data for them.

  • Understanding consent

    Spam is any irrelevant or unsolicited email. Some 60% of all email is spam. And with 2.4M emails sent every second, that's a lot of junk. The purpose of consent is clear.

    Contacting customers about anything other than work or something important requires consent. More than that, the consent must be informed and freely given. So no weasel words: clear, simple and unambiguous statements. Want to use customers' data for marketing? You must say so. No pre-checked boxes; it's all opt-in. Lastly, you must keep records of exactly what they consented to and when.

    All in all, consent is a serious business. But if you think about it, there's nothing new here. Direct Marketing guidance has always pushed these very points. If you find the prospect of consent difficult to swallow, it's not the GDPR that's making you choke.

  • Proving compliance

    Being compliant means you have to be able to prove you are. In the event of an audit it's not the auditor's responsibility to discover your compliance; it's yours to prove.

    This means you need to be able to show how your business uses data, how you've evaluated and risk-assessed it, the mitigations and contingencies you've decided to implement, and your plans and progress in carrying them out.
    So: records of actions taken, data maps, risk assessments, decision notes, procedures. Lots of paper. Lots of evidence that you're taking data protection seriously and have it under control.

  • Breach

    A key part of data protection concerns minimising the chances of a breach. But this doesn't mean you have to be hack-proof. Besides, breaches can occur in other ways: think of leaving a laptop on a bus or losing a pen drive.

    The key issue with data is 'rendering it unusable' should a breach occur. To you and me the key word is encryption. You must prepare for, and be able to report, a breach. But if your data is guaranteed unusable you don't need to report it at all. Note: 'guaranteed' doesn't mean the encryption is impregnable. It means you can prove the data in question has had robust encryption applied. As one expert said to me, "90% of GDPR compliance is in encryption." Seems like useful, practical advice.

Finally, still have questions?

Please contact us to see how our products and services can help you get compliant with GDPR. The cost of non-compliance from May 2018 is severe, enforceable and applies to almost every business, large or small.
