What is GDPR & what does it mean for your business?


What is GDPR?

If you find yourself wondering what is GDPR, Investopedia sums it up as “the General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).”

Data – a small word with a big meaning. It holds all the information about your life, and legislation is there to protect those details from being used inappropriately. Data protection legislation is changing on 25 May 2018 and it will impact how that data is used for marketing purposes.

It may feel like a long time until the General Data Protection Regulation (GDPR) comes into force next May, but it will sneak up on us busy people before we know it. People who use email marketing, direct mail or telemarketing need to prepare for big changes – and that’s a lot of us.

So what is GDPR? Put simply, data protection regulation is changing because the world is changing too. Current legislation has not kept pace with the digital landscape. It’s the biggest overhaul of data protection legislation for over 25 years and it will push data protection to the forefront of people’s minds.

What do I need to do?

You may think that you’re not collecting data about anyone, such as their name, address or date of birth. But data goes much further than that online. If you have tracking tools on your website – like our old friend Google Analytics – then you are.

We’ve all come across privacy policies, cookie notifications and boxes to join mailing lists. These vital principles of data protection need to be fundamentally built into the fabric of your marketing activity. The new law also bans common marketing practices such as automatically checked opt-in boxes or burying details in a privacy policy. So, even if you think you’re covered, think again.

Use or collection of data needs to be explicitly explained, requested and recorded. A person can submit a subject access request at any time. You would need to provide a paper trail showing when you received their permission to contact them. There needs to be a simple way to opt out. This could be through an ‘unsubscribe’ link or an address to email. Whichever option you go for, track all of this activity on a ‘do not contact’ list and stick to it.

Our online browsers and potential customers are a savvy bunch. If you collect information on your website, even on a simple contact form, you need an SSL certificate which encrypts that data. This gives your website a little padlock in the browser bar and its visitors the confidence that their details are in safe hands.

Do not let yours be a risky business

It’s not worth taking a gamble on GDPR as your company could face hefty fines. This could be as high as €20m (£17.2m) or 4% of a company’s total worldwide annual turnover – whichever is higher. Current laws covering data protection can impose a fine of no more than £500,000. This is a massive increase and reflects how seriously this law will be taken.

It goes without saying that this law has huge implications for most – if not all – organisations and businesses. Keep an eye out for our future blogs which will drill down on what GDPR means for you, how to prepare for next May and our examples of best practice. 
