By Maddie M | Wednesday 7 February, 2018
Our data protection laws were last updated in the 90s. With the vast change in our online systems and in how businesses process data, these are no longer fit for purpose. New laws are being introduced to create transparency and give users more control over the data businesses collect.
All small and large businesses will be affected by this, so Redder have produced some information on what you need to know and action before 25th May 2018. Non-compliance will be very costly, with maximum fines of up to €2 million or 4% of your global turnover, so it's worth having a good read through. Redder are happy to help with any of your enquiries.
Make sure your company understands GDPR and is ready for the changes coming in May.
Moving forward, it will be important that you understand what data you have and where it's coming from:
Think about building an information audit.
GDPR Article 12 – transparent information, communication and modalities for the exercise of the rights of the data subject.
Leave no grey areas between you and your consumers. People do business with other people they know, like, and trust.
Build trust by treating consumers' data with respect and making your objectives for the data clear.
Users will now have the right:
This could become a lot to manage, so think about whether you actually need all of the data you have and how you can handle it all easily.
If you have a breach of data you will now have 72 hours to report it.
The users who have had their data stolen would need to be told, and if it concerns people's safety you would also need to report the breach to the ICO.
GDPR means ramping up your security to the max and having a system in place in case something happens.
A big part of GDPR is the control users will have over their data. You will no longer be able to buy data from third-party companies unless users have opted into hearing from you.
To use the personal data, you will need to have proof of consent from your users.
Users should be given a choice of what they do and don't subscribe to. A great example of this is the Swimathon opt-in page. Create transparency between your business and your users.
If your cookies collect personal data from your users, like location or IP addresses, you will now need to get users' permission to use these before they can track anything.
Your privacy policies will need to be simple, clear and written in easy-to-understand language.
Due to the restrictions of user consent, targeted marketing will be harder and methods such as email marketing will not be as easy as they used to be.
Think ahead and get your marketing team ready for the change with a plan of action!
To keep the data you already have, you will need to have proof that the person has given you permission to use it.
If you don’t currently have proof of this, you will have to get users to re-opt in.
It’s not all bad! After this process you will have a list of people who have GENUINE interest in your business and WANT to hear from you.
Any previous clients of Redder are responsible for their own data and their systems; however, we are happy to help get you GDPR compliant.
Moving forwards, Redder will be 100% compliant with GDPR and will ensure all future projects with clients will also be GDPR compliant.