Easy steps to GDPR Compliance

With the new General Data Protection Regulation (GDPR) looming, you could be one of the many now frantically assessing business processes and systems to make sure you don’t fall foul of the new Regulation when it is implemented in May 2018. Even if you are spared working on an immediate compliance project, any new initiative within your company is likely to have an element of GDPR conformity. And as the deadline moves ever closer, companies will be seeking to train their staff on the basics of the new regulation, especially those who have access to personal data.


The basics of GDPR

What is all the fuss about, and how is the new law so different from the data protection directive that it replaces?

The first key distinction is one of scope. GDPR goes beyond safeguarding against the misuse of personal data such as email addresses and phone numbers. The Regulation applies to any kind of personal data that may identify an EU citizen, including user names and IP addresses. Furthermore, there is no distinction between information held on an individual in a business or personal capacity – it is all considered personal data identifying an individual and is therefore covered by the new Regulation.

Secondly, GDPR gets rid of the benefit of the “opt-out” currently enjoyed by a lot of businesses. Instead, applying the strictest of interpretations, using the personal data of an EU citizen requires that such consent be freely given, specific, informed and unambiguous. It requires a positive indication of agreement – it cannot be inferred from silence, pre-ticked boxes or inactivity.

It’s this scope, along with the strict interpretation, that has marketing and business leaders alike in a fluster. And rightly so. Not only will the business have to be compliant with the new law, it could, if challenged, be required to demonstrate this compliance. To make things even more complicated, the law will apply not only to newly acquired data post May 2018, but also to that already held. If you have a database of contacts to whom you have freely marketed in the past without their express consent, even giving the individual a choice to opt out, whether now or previously, won’t cut it.

Consent needs to be gathered for the actions you intend to take. Getting consent just to use the data, in any form, won’t be sufficient. Any list of contacts you have, or intend to obtain from an authorized vendor, could therefore become obsolete. Without the consent of the individuals listed for your business to use their data for the action you had intended, you may not be able to make use of the data.

But it is not all as bad as it seems. At first glance, GDPR looks like it could choke business, especially online media. That is really not the intention. From a B2C perspective, there might be quite a mountain to climb, as in many cases businesses will be dependent on gathering consent. However, there are two other mechanisms by which use of the data could be legal, which in some cases will support B2C actions and will probably cover most areas of B2B activity.

“Contractual necessity” will remain a lawful basis for processing personal data under GDPR. This means that if it is necessary for the individual’s details to be used to fulfil a contractual obligation with them, or to do something at their request in order to enter into a contractual agreement, no further consent will be required. In layman’s terms then, using a person’s contact information to create a contract and fulfil it is permissible.

There is also the route of the “legitimate interests” mechanism, which remains a lawful basis for processing personal data. The exception is where the interests of those using the data are overridden by the interests of the affected data subject. It’s reasonable to assume that cold calling and emailing legitimate business prospects, identified through their job title and employer, will still be possible under GDPR.

3 Steps to Compliance…

1. Know your data! Regardless of the flexibility afforded by these mechanisms, especially in the context of B2B communications, it’s worth mapping out how personal data is held and accessed within your business. This process can help you uncover any compliance gaps and take steps to make necessary adjustments to your processes. Similarly, you’ll be seeking to understand where consent is necessary and whether any of the personal data you currently hold already has consent for the actions you would like to take. If not, how would you go about obtaining it?
2. Appoint a Data Protection Officer. This is a requirement under the new legislation if you plan to process personal data frequently. The DPO will be the central person advising the company on compliance with GDPR and will act as the key contact for Supervisory Authorities.
3. Train your Team! Giving individuals with access to data adequate training on the context and implications of GDPR will help avoid a potential breach, so don’t skip this point. Data protection might be a rather dull and dry topic, but taking just a little of your time to ensure workers are informed will be time well spent.