A busy day here at My Words Work For You, brushing up on Flow Cytometry for an upcoming project. All week I have wanted to produce a quick post about the impending General Data Protection Regulation (GDPR). Earlier this week I ‘attended’ a virtual event to learn about GDPR from a panel of experts. I am glad I did. If you are not yet aware of how it affects you, NOW IS THE TIME.
What Is GDPR?
My understanding is that it is an enhanced version of the Data Protection Act. GDPR covers the way personal data is stored and processed in the modern age, and it aims to give all of us greater protection against misuse or abuse of that data.
Where Do I Find Out About GDPR?
I am no expert, I am a novice in the area of GDPR, but I have learned enough to know that it will affect me, my clients, and any business within the EU. The perfect place to brush up on GDPR is the ICO (the UK’s Information Commissioner’s Office). In the meantime, there is nothing to fear as long as you follow the rules, but follow the rules you must.
Who Does it Affect?
In brief: every organisation established in the EU, and any organisation outside the EU that processes personal data about people in the EU in order to offer them goods or services or to monitor their behaviour. If you hold personal data about any living individual, you will need to take steps.
What Do I Need To Do?
Every business that stores data about individuals needs to ensure it is compliant. The task has been described as “Information Management Hygiene”: companies need to understand exactly:
- What information they are holding
- Why it is being held
- Where it is being stored, and how
- How it is being used
- How long it is being retained
- Who can access the data
From this point, you will be able to establish the lawful basis on which each set of data is held, for example because there is a ‘legitimate interest’ or for other purposes such as marketing. If you are storing data for marketing purposes you will also need to comply with PECR (the Privacy and Electronic Communications Regulations), which is due to be replaced by the proposed ePrivacy Regulation. If the data relates to an identified or identifiable living person, it is personal data under GDPR and you must ensure you are compliant.
Do I Need Consent?
If you are storing the data for electronic marketing (email, SMS, automated calls), the answer is almost always YES, and any consent you already hold only counts if it meets the GDPR standard: freely given, specific, informed and unambiguous, given by a clear affirmative action (a pre-ticked box does not count), and as easy to withdraw as it was to give. You will need to contact every person whose data you hold and explain who you are, why you need the data, how you will use it, and whether you intend to share it and, if so, with whom. In notifying them of this and of your Privacy Notice (see later), you will need to give them the opportunity to consent. If you are storing the data for other, non-marketing purposes, you may be able to rely on a ‘Legitimate Interest’ and will only need to inform the individuals rather than obtain consent. This is not a blanket exemption: you must be able to show that your interest is not overridden by the individual’s rights, and they keep the right to object. It is important to check this.
What is a Privacy Notice?
What Steps Do I Need To Take To Be GDPR Compliant?
What are the Benefits of GDPR?
The new legislation promotes transparency and raises awareness while strengthening the individual’s rights to access their data, have it corrected or erased, and withdraw consent. For businesses, it has been described as:
“A massive opportunity for companies to build brand trust and loyalty. If you do it well then make a point of telling your customers you can be trusted with their data.”
Cliff Gibson, Owner of DBR Data
GDPR Explained in Mind-Maps
Thank you to Cliff Gibson for his kind permission to use the mind maps he has produced.