Are you ready for GDPR?

The imminent arrival of GDPR is giving business owners across the UK sleepless nights. Although it was announced two years ago, most firms remain unclear on what the biggest shake-up of personal data privacy rules since the birth of the internet means for them and what they should do to become compliant.

Unfortunately, from May 25, GDPR will become law and breaching it could result in a mammoth fine of up to £18 million or four per cent of your worldwide annual revenue.

However, help is at hand. We have compiled a handy fact sheet giving you the lowdown on everything you need to know about GDPR.

What is GDPR?

Officially known as the General Data Protection Regulation, GDPR is intended to make it simpler for people to control how companies use their personal details.

The legislation was passed by the European Parliament in 2016 and the strict rules mean firms will not be allowed to collect and use personal information without consent. This data includes names, email addresses and phone numbers, alongside internet browsing habits via website cookies.

Data breaches – whether accidental or because of a cyber attack – have to be reported to the Information Commissioner’s Office for the UK within 72 hours. Firms must also supply individuals, if requested, with a copy of all the data they hold on them within 30 days. Failure to do so could result in a huge fine.

GDPR will empower the people so they are fully aware of what data is being collected and how it will be used.

Benefits of GDPR

Despite the initial panic to make sure you are compliant with the new rules, GDPR will actually benefit businesses. Firstly, the relationship you have with your client base will become more trusting. Understanding what your customers want will help you not only meet but exceed their expectations. It should also result in fewer unsubscribes and spam complaints, which will improve your email marketing campaigns. And on a personal level, it ensures that you, as a consumer, know who has access to your personal information and what is happening with it.

Brexit doesn’t matter

On June 23, 2016, the British public voted to leave the EU. While no deal on Brexit has yet been agreed, GDPR will be applied in the UK whether or not it happens. And it doesn’t matter if your firm is based in the UK or not. If your company offers services in the EU then you must abide by GDPR.

What do I need to do?

If you have any information that is out of date or no longer needed, remove it immediately. It has no purpose, and removing it ensures it can’t come back to haunt you. If you shared that data at any time you should also contact the firms you dealt with so they can do their own house cleaning.

The most important things about GDPR are consent and being clear with your customers. Let them know what they are signing up for, why you need their details and explain how they can refuse marketing or withdraw their consent.

As a business, you must ensure that individuals are asked to positively opt in, as pre-ticked boxes are no longer sufficient.

You must also record how and when you were given consent. This part includes recording the information that was explained at a particular time, although this mainly refers to large companies that have more than 250 employees.

Websites must also include a compliant cookie policy that is written in plain English. This policy must let users see a clear picture of how cookies are used at any time.

If you are in the business of buying third-party cookies then you are held accountable for ensuring that the information you use for your marketing adheres to the rules. For example, you must know how the list was gathered, know if consent has been obtained, make sure the third party can prove consent and avoid working with firms that withhold this vital information.

For those of you who have amassed a strong email database for marketing purposes, it is imperative that you comply with the rules. Abide by the aforementioned rules and put May 2020 in the diary as you will have to make sure consent is renewed at least every two years.

Good news

The good news is that the crux of GDPR is largely the same as the current Data Protection Act. So if you are complying with that, you are in an ideal position.

GDPR has probably thrown up more questions than the meaning of life itself, but it is all about keeping your house in order and making sure that personal details are kept safe and secure.

If you would like to know more about the effects of GDPR, how to become compliant and avoid a huge fine, contact Online Marketing Surgery today and we can discuss the matter with you. Call us today on 01543 899617 or email us at