16i, a Cheltenham-based digital design agency, has outlined some of the key aspects of the General Data Protection Regulation (GDPR), which is set to come into effect in May next year.
The new regulation will see almost all businesses having to take action to ensure they comply with the legal requirements around people’s personal data. With the deadline for compliance fast approaching, 16i has outlined some of the key ‘need to know’ elements to help businesses digest what it means for them.
Alex Clough, the managing director of 16i, said: “GDPR has been widely reported recently, but our experience indicates that a significant proportion of businesses are currently unaware of the changes, or don’t have a plan in place for compliance. It’s important that businesses take the necessary action, so we’re doing what we can to help.”
Below, 16i has answered some of the key FAQs surrounding GDPR.
What is GDPR?
GDPR stands for General Data Protection Regulation and is intended to strengthen and unify data protection for all individuals within the European Union (EU). The key objective is to give citizens and residents back control over their personal data.
When does it come into effect?
The new rules require full compliance by 25th May 2018; however, it’s important that procedures are put in place now in order to future-proof your data.
Will it affect me?
The answer in short: most likely, yes. GDPR applies to all organisations that hold, process and store personal data of EU citizens, regardless of the organisation’s location. This means that all businesses (from sole traders working from home to giant multinational corporations) are likely to be affected.
What are the main business implications?
In summary, GDPR means that all businesses will need to obtain (and be able to prove) prior, explicit and unambiguous consent from a contact before they can receive marketing communications. Transparency and provability are the goal. Future systems will need to have privacy built into them by design.
Is my existing data safe?
Unfortunately not. From May 2018 onwards, all companies will need to prove GDPR compliance for both new and existing datasets. This means that you will be breaking the law (and thus liable to fines) if you send marketing campaigns to anyone without prior consent (even if they have received them previously). It’s therefore worth investing some time now both to ensure full compliance and to minimise the loss of existing data.
What if I don’t comply?
Be aware, the fines are significant – €20 million or 4% of the company’s global annual turnover (whichever is higher).
Can I buy compliance?
No. Compliance is not going to be quick and easy, so be wary of any organisation that claims it can do everything for you, as there’s no ‘one size fits all’ solution. Instead, a careful review of processes and procedures needs to be completed, in addition to decisions as to how to proceed with gaining permission.
Alex Clough concludes: “With the deadline looming, businesses need to act swiftly to limit the potential impact of GDPR. We’ll be running a series of insight pieces to help keep business leaders informed of the changes, as well as offering tips and advice on how to adapt both websites and digital strategy to help ensure businesses comply.”