Unless you have been living in a cave, you should be aware of the forthcoming GDPR legislation. In a busy world, however, it is all too easy to put things off or simply ignore what may not seem like an urgent requirement. You can put it off no longer. The GDPR is almost here and it has far-reaching ramifications for almost every part of our industry.
What is GDPR?
GDPR is the European Union’s General Data Protection Regulation, a total overhaul of data protection legislation which will see the end of the now somewhat dated Data Protection Act. The intention was to create a European standard for data security which truly reflects the modern environment.
It will come into force across Europe on the 25th May 2018 and carries some frightening fines for organisations that fail to abide by the new standards (up to €20 million). Despite Brexit, this is one European regulation that is here to stay, so you need to be aware of it and be ready for its launch.
Does it affect me?
Similar to the old Data Protection Act, the GDPR affects any organisation that uses or processes personal data. It sets out six lawful bases for processing data:
- Consent - an individual has given clear consent for you to process their data for a specific purpose
- Contract - the data processing is required as you have a contract with an individual or to enter into a contract with them.
- Legal Obligation - the data processing activity is necessary to comply with the law.
- Vital interests – the data processing is necessary to protect someone’s life.
- Public task – data processing carried out in the public interest or for official reasons.
- Legitimate interests – the data processing is necessary for your legitimate interests or those of a third party, unless there is a good reason to protect the individual’s data which overrides them.
You need to understand why you are processing an individual’s data and ensure you meet the requirements for one of the lawful bases of processing. One of the most used bases for most businesses will be Consent, and there are some clear rules for ensuring you stay within the law.
Consent must be freely given and it cannot be a precondition to you offering a product or service. It means giving individuals genuine ongoing choice and control over how you use their data. The consent process must be obvious and require a positive action for the individual to ‘opt-in’, for example a tick box or other selection. This cannot be pre-selected; there must be an explicit action taken. Your consent opt-in cannot be hidden in terms and conditions or other documents and should be a clear part of your process.
Consent must be specific, clearly stating who will be using the data, for what reasons and why. Importantly, you must provide individuals with the option to opt-out at any time. Therefore, even if an individual has agreed to receive marketing information from you in the past with a clear opt-in, they can subsequently ask to opt-out.
Time to review
It is a key time to review how you are working with personal data. If you currently manage data for direct marketing, for example, are you sure that you have correctly gained full and clear consent for marketing communications? If you buy in data from third parties, you need to be sure it meets the requirements of the GDPR.
This is an area where Data Giant excels. As a provider of highly converting web leads, they can guarantee the source and be sure the leads they provide meet the requirements for GDPR. Their professional team ensures any data is gathered transparently and with full opt-in consent obtained. You can be sure that web leads obtained from Data Giant are not only some of the best in the business, but are also legal and meet all the relevant standards.
Make contact with the Data Giant team today!