Is Your Business Ready for GDPR?
The 25th May might seem like a while away, but it’s better to prepare now than to leave it until the last minute. But is your business ready for GDPR? It’s crucial you know the facts, so you can act accordingly.
Who Will It Affect?
It isn’t just big businesses with masses of data that GDPR will impact. No matter how small your business may be, if you hold customer data, the new regulation will apply directly to you. Any company that sells or stores personal information is subject to the changes.
Even if your company is based outside the EU, the regulations will apply to you – if you handle data belonging to EU residents.
Do You Know the Rights of Your Customers?
If you want your business to be prepared, you need to know the rights of all your customers. It doesn’t matter if they’re previous, current or potential customers; the new rules apply to everyone’s personal data.
The Right to Access
If somebody requests access to their personal data, you must comply. Everybody has the right to know how their data is gathered and what it is intended to be used for.
You must provide their data free of charge and in an electronic format if preferred.
The Right to be Forgotten
I discussed this in my blog post, “Getting Started with GDPR”, but here’s a quick reminder.
If a client is no longer using your services, or they want to withdraw their consent for you to use their data, they have the right for the data to be completely deleted.
The Right to Data Portability
If requested, individuals have the right to transfer their data from one provider to another, in a machine-readable format.
The Right to be Informed
Your customers have the right to know that their data is being gathered before it happens. Customers should have the choice whether their data can be collected, and consent must be given rather than presumed.
The Right to Have Information Corrected
Everybody has the right to update their data if it’s out-of-date, incomplete or inaccurate.
The Right to Restrict Processing
Everybody has the right for their data not to be processed if they request it.
The Right to Object
Consumers have the right for their data not to be used for digital marketing. Under no circumstances can this be broken, and processing must be stopped whenever the request is received.
You need to make it crystal clear to your consumers at the start of every communication.
The Right to be Notified
In the event of a data breach that affects your consumers’ data, everybody affected has the right to be informed within 72 hours of your first breach.
You need to be prepared for stricter regulation. Right now, things are a bit ‘wishy-washy’ and ‘consent’ can be manipulated by businesses. But that’s all about to change.
Everybody has the right to withdraw their consent. You can’t just presume a consumer has given you consent for different processing activities when they were under the presumption it would be for a singular activity. You need separate consents for each processing activity.
You need to be able to prove that someone has agreed to a certain action. Take newsletters: have they specifically given you the go-ahead to send them weekly updates? You can’t just assume that because they gave you their email to enter a competition, it means they consent to your newsletters. A lot of companies offer an opt-out option, but unfortunately, this will no longer be enough.
As you can imagine, this will have a ginormous impact on the way most businesses handle their sales and marketing. Take some time to review your processes and reevaluate your strategies. That is why it’s so important that businesses start preparing for the adjustments as soon as possible! Don’t worry if you have no idea where to begin – I’ll soon share some helpful tips so you can be fully prepared and make accurate amendments.
You’ll need visible confirmation – like a form with a tick box so consumers can agree to receive your communications. You will need to ask them to reconfirm it was indeed their actions in a later email.
Even if you buy marketing lists, it’s your responsibility to gather the appropriate consent information.
The Bottom Line
Of course, it’s best to comply. After all, the regulation does have your customers’ best interests at heart.
Penalty charges are looking to be tough – if you do not comply, fines can be up to 4% of your annual global revenue or 20 million euros.
As you can see, GDPR puts the interests of the public at the forefront, rather than the significant effect it will likely have on many organisations.
Yes, GDPR might make things a little difficult for your company to start with, and you may need to make a lot of amendments. But, remember, everybody is in the same boat.
About the author:
Marie Harwood is a Digital Marketing Assistant at Different Gravy Digital, Hale, Cheshire.
Different Gravy Digital are a full-service Digital Marketing Agency operating in the Hospitality & Leisure, Financial Services, Legal & Property sectors. Products and services include 3D & 360° Tours, Website Design & Build, Social Media, Video Production, Search Engine Optimisation (SEO), Content Creation, Email Marketing, Online Feedback / Review Systems and Paid Advertising (Google, Bing and Social Media).