New data protection rules – BSGA advises members to be ready!

The new General Data Protection Regulation (GDPR) will be implemented on May 25th this year. GDPR is designed to protect individual rights to privacy and use of their personal data.

Your company employees, customers or suppliers will be affected in some way. If you haven’t already done so, now is the time to act in order that you are compliant when the regulation comes into force.

All persons responsible for controlling and/or processing data must comply with the requirements of GDPR in relation to collecting, storing, analysing or processing any personal data which could include email addresses, telephone numbers, HR records or home address details.

Huge penalties are a possibility for any breach of the new rules so, with only a few weeks left to the deadline, businesses that have not already done so should start to make sure they are compliant.

The regulation will apply to:

Data Processors, i.e. those who have been appointed to process the data on behalf of a data controller. The processor must ensure that data is compliant prior to processing.

Data Controllers, i.e. those collecting and storing any personal data, whether these records are customers or prospects. The Data Controller may also be the Data Processor but, in any event, both Controller and Processor are liable for the security and compliance of the data.

GDPR applies to ANY personal data that can identify an individual, including name, identification number, location, online identifier such as an IP or email address, photos and biometric data from fingerprint or face recognition systems. Business contact details also count as personal data, as does a mobile number, whether work or private.

The GDPR will not be affected by Brexit as it is already UK Law.

If you are a business marketing to consumers (B2C), you will not be able to freely target consumers across all methods of communication as you do now. You will have to gain their consent, which means they must have opted in to receive sales calls, email offers, letters and brochures. This applies to current customers and prospects.

If you are a business marketing to other businesses (B2B), it is the same as B2C when it comes to email communication. You will only be able to contact them once they have opted in. However, with postal communications you can mail to them as long as you give them a clear and easy way to opt out.

Telephone communications will also be restricted. If a potential customer contacts you and requests a call back or quote, calling them back is classed as a legitimate interest. For existing customers, this falls under soft opt-in, giving you the option to contact them. However, you must always provide a clear option for them to opt out at any point.

The regulations for communication are as follows:

Telephone: B2B – opt in only (but not to existing customers). B2C – opt in only

Email: B2B – opt in only (but not to existing customers). B2C – opt in only

Post: B2B – legitimate interest but must be given an option to opt out. B2C – opt in only.

Further information can be found at:

https://www.eugdpr.org/
https://www.gov.uk/government/news/government-to-strengthen-uk-data-protection-law
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf