Does GDPR really matter? It’s fine, I’ve got plenty of time haven’t I? I must already be covered, surely?
These are just a few of the questions we hear on a regular basis regarding GDPR and the upcoming changes in data protection. And the answers – yes it does, no you haven’t and unfortunately, probably not.
In fact, one of the most honest answers to this question has come from a blog post from David Savage, an associate director and technology podcaster, titled “Why does GDPR matter so much? Because you employ people like me!”
His insightful blog outlines, very simply and honestly, a few scenarios as to why, as the employer, something which may seem like it’s not your problem, almost definitely is. Our favourite of Savage’s examples? This:
“When I started at my current company I was 22. All of my university friends were in London and the idea of going out on a Wednesday night didn't always seem particularly dumb. If I also went out on Thursday and Friday I was a little tired by the weekend. I'd regularly fall asleep on public transport. Once I fell off my seat on a bus and ended up in A&E, another time I hitchhiked back into London after discovering my ‘phone and wallet had been taken from my boozy unconscious form. We can all fall asleep and leave documents or hardware at risk whatever state we’re in. If that mobile had been my work mobile the breach would be by my employer, not me.”
Yes, it may seem like a bit of a trivial example. But it outlines perfectly just how easy it is to commit a breach. And it can even be extended to inside the office. For example, when personal documents or sensitive information are left in the printer and become accessible to anyone. This is especially of note as GDPR now requires privacy by design, so systems, processes and software must also comply.
And unfortunately, for both these situations, negligence and denying all knowledge just won’t cut it when the fines start rolling in.
So it’s important to remember there are many factors that need to be taken into account. You can read more about GDPR and the key factors you’ll need to take into consideration here. Or why not get in contact for a no-obligation conversation or meeting to find out how we can help ensure your compliance?
Despite not seeming like the most obvious connection, GDPR and marketing actually go hand in hand. The new regulations come into effect on the 25th May 2018, so it’s important to understand what they will mean for your marketing efforts.
The ICO has already announced that failure to adhere to the new GDPR regulations could lead to fines of 2-4% of annual turnover or 20m Euros – whichever’s highest! So, if you use personal information as part of your marketing, then take heed.
GDPR defines consent as “freely given, specific, informed and unambiguous indication of the data subject’s wishes, by which a statement or clear affirmative action, signifies agreement to the processing of personal data relating to the subject.”
So the key question to ask yourself is: do you have explicit consent to use the data? In other words, has the individual given you permission to use their data for the purpose you’re using it for? Bear in mind that if this is ever queried, you will need to prove permission was given.
Effectively, you can no longer rely on silence, inactivity or pre-ticked boxes – consent must be freely and wholly given. Plus, you must have a process in place so that the individual knows how they can withdraw consent at any time.
If you process data for any of your marketing, the onus is on you to make sure that it fulfils the new GDPR regulations before D-Day. And while May 2018 may seem a million miles away, this is just one aspect of many that needs to be complied with. So why not get a head start on your compliance and avoid the last-minute rush?
If you want to see how we can help you transition to comply with the new GDPR rules, get in contact today.
“If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”
Elizabeth Denham, ICO (Information Commissioner’s Office)