COUNTDOWN TO GDPR Is your business prepared?
It’s being hailed as ‘the biggest change to data protection law in a generation’, it affects almost every business in the UK and there is less than a year until it is enforced, so why aren’t more people talking about the General Data Protection Regulation (GDPR)?
With a much wider scope than its predecessor, the Data Protection Act 1998, the GDPR also comes with the threat of severe financial penalties, designed to make senior management sit up and listen.
Yet it is still being swept under the carpet, considered ‘something to look at another day, nearer the time… maybe… if we have time’.
Yes, there is still a lack of awareness. I recently attended an event designed to update Welsh businesses on the GDPR and around 70% of the SME leaders in attendance had never heard of the new law until they walked into the room that day. That left them with just 11 months to make some pretty big changes to the way their business operates.
However there are plenty of businesses that are fully aware of what is expected of them post May 2018 and are still not acting. It’s become the elephant in the room.
‘By failing to prepare, you are preparing to fail’ – Benjamin Franklin.
GDPR covers a host of issues from cyber security and individual rights to accountability, but there is one that strikes the greatest fear into the heart of marketers – the issue of consent.
Gone are the days of pre-ticked boxes and vague permissions, a new day is dawning for consumers, and marketers need to urgently address it.
The simple fact is that, after 25 May 2018, any data you have that does not comply with GDPR will be illegal.
It will be rendered useless overnight. That database that you’ve spent years building up, which feeds your thriving marketing and sales team, will disappear and, if you’re really lucky, you’ll be left with a handful of people to engage with.
All it takes is for ONE person to complain about misuse of their personal information and you could be slapped with a penalty of 4% of your annual worldwide turnover or 20 million Euros.
There are some big, unavoidable changes that every business needs to make and there is no getting away from them. Instead of hiding from it, use the GDPR as an opportunity to take the lead and thrive as a business.
What can you do?
If you are not aware of the far-reaching scope of GDPR, start getting up to speed now. The Information Commissioner’s Office (ICO) has handy information on its website, along with step-by-step guides to help you prepare, looking at all the key issues. They also seem to be open to questions and queries (of which I’m sure there will be many!).
The issue of consent is perhaps the most urgent for many but there are simple things that you can start doing now to get prepared.
How was your current data collected?
Was a proactive consent given? Is it compliant with GDPR? If not, start ensuring it is.
If you think you get a lot of emails now, imagine how many you’ll be receiving in the run-up to May, asking you for your permission to be contacted? The same will be true for your customers so get ahead of the game. After 25 May 2018, it will be illegal to contact them in that way!
How are you currently collecting data?
Ensure that all new data that you gather from this moment forward is GDPR compliant. Get into good practices early and build up a clean, compliant database over the next 11 months so you can hit the ground running in May.
Are you recording consent?
Under GDPR, you have to not only be compliant but demonstrate your compliance with documentation, e.g. you have to prove consent. It will take time to get the right policies, procedures and documentation in place so don’t underestimate the job in hand.