Currently, the DPA, in conjunction with the Privacy and Electronic Communications Regulations (PECR), governs how personal data is handled. There are clear rules and guidelines specifically relating to direct marketing calls, e-mails, texts and tracking via cookies (to name a few). Both sets of guidelines overlap to ensure personal data is handled appropriately across media.
In a four-year-long process, the EU has amalgamated and updated the key principles in the current framework to generate a single legal framework that applies to all EU members. Until now, legislation only applied to controllers; however, the new GDPR will shift the responsibility to both controllers and processors, with non-compliance resulting in heavy penalties.
GDPR saw a higher level of press at the end of 2017, from articles in the Sun to the BBC, bringing much needed exposure to a regulation that affects many companies who had previously ignored it or thought it didn't apply to them. A lot of what is currently being written outside of the ICO or DMA could be deemed scaremongering by people trying to make quick money, offering services for requirements that aren’t confirmed to be part of the bill yet!
WHEN DOES THE NEW REGULATION START?
- May 25, 2018
WHO WILL ENFORCE IT IN THE UK?
- The Information Commissioner's Office
- There are new rights for people to access the information companies hold about them, obligations for better data management for businesses, and a new regime of fines
DOES BREXIT MATTER?
- The UK is implementing a new Data Protection Bill which largely includes all the provisions of the GDPR. There are some small changes, but our own law will be largely the same
GDPR Made Simple
GDPR is implemented on the 25th May 2018 and will apply to all businesses in the EU, the main impact being on the collection, storage and use of personal data.
What is the impact of GDPR?
Every organisation that holds personal data will be affected in some way, shape or form by GDPR. Just a few examples are:
• personnel records
• customer details
• prospect data
• online identifier data
The Regulation gives individuals more rights in respect of their data, including more control and visibility of how their personal data is being used, and the right to have that information removed or moved if requested.
GDPR and Marketing Data
GDPR has a big impact on marketing data. Of the six lawful grounds on which data can be processed, the two relating to marketing data are Consent and Legitimate Interest. Consent is the most affected: rules around third party and soft opt-ins implying consent to market to an individual have been tightened drastically and, if asked, an audit trail of consent being granted must be produced for the ICO (the UK’s data supervisory body). When processing data under Legitimate Interest, marketers must weigh up their right as a business to market to someone against that person's right to privacy. In all cases, a clear opt-out must be offered and a compelling case for why someone may be interested must be established.
What should I do now?
Koju Media have helped a number of clients with all aspects of GDPR across Data, Cyber Security, Legal and data storage. In the words of the DMA, the first step towards GDPR compliance is to clean your data! As a special introductory offer, Koju Media can conduct a free data audit. The audit will highlight any potential pitfalls with data permissions, duplication, third parties etc. See more detail on our Data Cleansing page.
The ICO’s guide contains very useful information that you need and will talk you through all the changes you can make to your company's processes now. You can read the full guide here.
Get GDPR Ready
How can Koju Help?