ARE YOU GDPR READY?
6th November 2017Conventional wisdom would have us believe that it’s love that makes the world go around. Or money. But in the 21st century, digital age, it’s actually data that’s the most valuable currency of all.
Capturing, analysing and utilising data to engage with existing and potential customers has become core to the way most organisations operate. Data is precious - and yet most of us give away personal data for free on a daily basis. Whether we’re using a loyalty card in the supermarket, posting on social media or buying something online, our data is being collected and we’re not always in control of how it’s used from there on in.
But, in May next year, there will be a seismic shift in the way that businesses, public sector organisations and charities are permitted to utilise data and the way they’re required to store it.
On 25th May 2018, following a two year transition process that has been underway for the past 18 months, the GDPR (General Data Protection Regulation) legislation will become enforceable under EU law, introducing greater accountability for the use and storage of data. And, despite the fact that the UK is leaving the EU, the British Government has made it clear that we will be permanently adopting GDPR and applying the rigorous penalties involved for those that flout it.
And yet, many organisations haven’t even realised that the legislation is coming, let alone invested in preparing for it.
So what do the changes actually mean? The impact of the new legislation varies depending on the size and nature of your organisation, but it will apply all organisation, even to small businesses. And the penalties for non-compliance are considerable: up to four per cent of global annual turnover or €20 million, whichever is greater.
GDPR builds on existing data protection laws but is much broader it is scope and focuses on how securely data is protected by legitimate users, in addition to its misuse. An organisation must not only be able to prove that data has been ‘opted in’ but must also be able to demonstrate that they are keeping all personal data securely. They also have to be able to ‘forget’ data on request by deleting all traces of it from their systems.
It’s an area of law that will be particularly relevant to marketing companies and marketing functions within business, which is why Clare PR has invested in ensuring we’re up to date with what’s involved. The good news is that there are lots of seminars and training courses out there and plenty of useful information from the Information Commissioner’s Office at https://ico.org.uk/for-organisations/business/