DATA PROTECTION IS CHANGING

Tewkesbury

What is the GDPR?
The GDPR, or General Data Protection Regulation, is a new EU law which replaces the current DPA, or Data Protection Act.

Why is the GDPR replacing the DPA?
The original DPA first came into force around 1998, before the Internet became such a part of our day-to-day lives. In the last 20 years the way we use technology and the way we communicate with business has changed significantly, and it was only natural that the way our data is handled by these businesses had to change as well.

The main differences between the GDPR and DPA cover the definition of personal data and the way in which consent to use this data is obtained and managed. The GDPR has extended the definition of personal data and will require opt-in for the use of any data which can be used to identify a person, from name and age to cookies and internet tracking. On top of this, the regulation will require stricter processes for obtaining this opted-in data – say goodbye to pre-ticked opt-in boxes! Any data which you use for marketing purposes when the GDPR comes into effect will require clear evidence that an opt-in has been obtained, and should a customer request this evidence it will need to be given freely to them.

When does GDPR come into effect?
The GDPR has been in the making for 7 years but will not be a legal requirement until 25th May 2018.

Is GDPR relevant to my business or does GDPR affect big businesses only?
The GDPR affects all businesses which contact consumers, sole traders and partnerships. The size of your company does not matter. Currently there is no update to the way B2B marketing works, but this could all change, so we would suggest that, no matter what size your business or who you are marketing to, you take action to protect your data from becoming unusable.

Do we need to implement any changes now or wait until it comes into effect?
I would strongly suggest you start implementing changes as soon as possible. Start today by drafting a new privacy policy, a new internet cookie policy and a new consent statement for opt-ins, and send them to your legal advisor for checking. If your policies are not suitable and you use them to cleanse your data, you could end up having to repeat the process over again. The next stage will be to update any web forms you use to obtain data and to contact your current email databases, asking your customers to opt in again and advising them of your new policies.

What data is affected by the introduction of GDPR?
The GDPR applies to any data which you collect for marketing purposes, whether it be digital or printed. It is important to consider how your business obtains marketing data when updating your policies. For example, if you attend a lot of exhibitions, a business card in a bowl will no longer count as an opt-in. You could consider taking a tablet computer with you to exhibitions and asking potential customers to review your consent statement, complete an online form and opt in there and then.

Does my business need to have a Data Protection Officer?
You will only need a Data Protection Officer if you are processing large amounts of data, you are dealing with sensitive data or you are a public body.

Will the GDPR affect how I manage my marketing campaigns?
Definitely, but there is no need to panic. You might find that following an opt-in process you have a significantly reduced data set, but these people will be much more engaged with your business. We have seen click-through rates on emails to opted-in customers improve from <1% to 15%! Remember that the data you collect and the way you handle your data differs from business to business. As with many regulations, there are some grey areas, so you should always check with your legal advisor that the changes you make comply fully with the GDPR.