The EU’s upcoming General Data Protection Regulation (GDPR) comes into effect on May 25th 2018. Its chief aim is to protect the personal data of EU citizens and to strengthen their legal rights in this area.
And, whatever the Brexit situation, you must take note – all firms that handle the data of EU citizens must comply, regardless of where they are based. Huge fines can be imposed on those who transgress.
So, to avoid that nasty fate, follow my five steps to ensure GDPR compliance:
Be transparent on data access
One of the key aims of GDPR is to give people control over their own data, and that means you must be able to provide access to that data on request. So you must be completely transparent about how and where you store personal data, and about the procedure by which it can be accessed.
Tell people how you will use their data
When you collect data – names, email addresses, phone numbers etc. – you must state clearly and accurately how you will use it. If, for example, you’re going to send your monthly newsletter to all the email addresses you collect, then you must tell the intended recipients exactly that when they provide their address. If you are using it to cross-sell or promote additional products, you need to tell them that too.
Under GDPR rules, consent must be given actively – e.g. by ticking a box that clearly states how the information will be used. Silent consent, such as pre-ticked boxes, is not allowed. This rule also applies to data you already hold, so you should review where you obtained your current data from and the methods used to collect it.
If you share your clients’ data with third parties, you must be absolutely sure that you have your clients’ consent to do so. You must also know what the data is being used for, and be satisfied that the firms you share it with are protecting the data properly.
GDPR is coming, so it’s a good idea to put the necessary steps for compliance in place now; doing so will also help to show your commitment to the new regulation.