GDPR – Find Out or Get Fined?

A busy day here at My Words Work For You, brushing up on Flow Cytometry for an upcoming project. All week I have wanted to produce a quick post about the impending General Data Protection Regulations (GDPR). Earlier this week I ‘attended’ a virtual event to learn about GDPR from a panel of experts. I am glad I did. If you are not yet aware of how it affects you, NOW IS THE TIME.

What Is GDPR?

My understanding is that it is an enhanced version of the Data Protection Act. GDPR will encompass the way data is stored and processed in the modern age. GDPR aims to provide greater protection for all of us against misuse or abuse of our personal data.

Where Do I Find Out About GDPR?

I am no expert; I am a novice in the area of GDPR, but I have learned enough to know that it will affect me, my clients, and any business within the EU. The perfect place to ‘brush up’ on GDPR is the ICO. In the meantime, there is nothing to fear as long as you follow the rules, but follow the rules you must.

Who Does it Affect?

In brief: every business within the EU, as well as those outside the EU that hold or process data about anybody within it. If you are holding data about any individuals you will need to take steps.

What Do I Need To Do?

Every business that stores data about any individuals needs to ensure it is compliant. It has been described as “Information Management Hygiene”, in which companies need to understand exactly:

  • What information they are holding
  • Why it is being held
  • Where it is being stored, and how
  • How it is being used
  • How long it is being stored for
  • Who can access the data

From this point, you will be able to establish whether the data is being held because there is a ‘legitimate interest’ or for other purposes, such as marketing. If you are storing data for marketing purposes you will also need to comply with PECR, soon to be known as the ePrivacy Regulation. If the data contains personally identifiable information you must ensure you are compliant.

Do I Need Consent?

If you are storing the data for marketing purposes, the answer is definitely YES. You will need to contact every person you hold data for and explain who you are, why you need the data, how you will use it, and whether you intend to share it and, if so, with whom. In notifying them of this and of your Privacy Notice (see later), you will need to provide the opportunity for them to give their consent. If you are storing the data for other, non-marketing purposes, you may have a ‘Legitimate Interest’ and will only need to inform the individuals rather than obtain consent. It is important to check this.

What is a Privacy Notice?

Your website needs to contain an up-to-date privacy policy (yes, I am working on it), explaining how data is stored and used in accordance with the new regulations. If you are storing data with third parties it is your responsibility to check that they are compliant.

What Steps Do I Need To Take To Be GDPR Compliant?

It starts with a GDPR-compliant Privacy Notice on your website. You need to be actively requesting consent before storing and using any personal data unless you have a legitimate interest. Carry out a thorough audit of the data you are holding; it is worth considering deleting out-of-date data at this point. Take time to ensure that you understand the legal basis for processing data. Make sure that all customers can withdraw their consent at any point. Make existing and new customers aware of your new privacy policy.

What are the Benefits of GDPR?

The new legislation promotes transparency and raises awareness while enhancing the rights of the individual to access and withdraw their data. For businesses, it has been described as:

“A massive opportunity for companies to build brand trust and loyalty. If you do it well then make a point of telling your customers you can be trusted with their data.”

Cliff Gibson, Owner of DBR Data

GDPR Explained in Mind-Maps

Thank you to Cliff Gibson for his kind permission to use the mind maps he has produced.

Navigating GDPR
Image credit: Cliff Gibson, DBR Data

https://www.linkedin.com/pulse/navigating-gdpr-part-1-cliff-gibson/

https://www.linkedin.com/pulse/navigating-gdpr-part-2-cliff-gibson/

About Nicola Dunklin

Experienced and proficient content writer with a proven track record of success.