As part of our series 5 Top Tips from the Experts, PREACT’s Marketing Director Warren Butler provides his 5 Critical GDPR facts you need know.
In this blog, Warren outlines;
• When GDPR will be enforced
• Will Brexit influence it
• How this will change company’s management of personal data
• How GDPR will affect how data is collected
• What actions are needed to be GDPR compliant
What is GDPR
The General Data Protection Regulation (GDPR) is an EU legislative act for the protection of personal data. It tackles inconsistent data protection laws and seeks to address data security vulnerabilities.
GDPR gives individuals greater control and visibility over their data by improving consent processes. It also gives data subjects the right to have their data 'forgotten' when it is no longer being used for the purpose which it was collected.
Over to Warren (Thank you –important information here!)
5 Critical GDPR Facts You Need Know
1. When will GDPR be enforced?
GDPR comes into effect on 25th May 2018. If you fail to comply with the regulation, you could be fined up to 4% of your company’s global annual turnover, or €20m, and your reputation damaged beyond repair.
2. Will Brexit affect the impact of the GDPR?
No. The UK will still be part of the EU in May 2018 and it will need to be recognised as a safe data haven to continue trading with EU members. GDPR applies to all businesses working within the EU and with EU data. The UK government has stated that this is good business practice and will likely introduce new legislation post-Brexit which reflects the GDPR.
3. How will this change company’s management of personal data?
An organisation must be clear on the type of personal data it is processing, and how this is used. This involves understanding how data flows through, and out of, the organisation, who has access to it, and what protections are in place at each step.
A unified CRM system that connects customer data and manages it in a centralised system is crucial. These solutions enable organisations to control access, track changes, protect data and demonstrate transparency. These are essential to demonstrate GDPR compliance.
4. Does the GDPR affect how personal data is collected?
GDPR requires that consent to process personal data must be freely given and unambiguous. How and when this consent was given must be recorded.
Businesses cannot assume that a contact will want to join their mailing list. These instructions must be clearly given without manipulation – pre-ticking boxes on a form or bundling opt-in with other agreement are not compliant processes.
A double email opt-in process will be an important step towards GDPR compliance. This involves contacts posting a form and then confirming this action by clicking a link in a follow-up email.
Double opt-in is a proven best practice to avoid spam subscribers, minimise data cleansing work, increase engagement, and ultimately maximise conversions.
5. What actions are needed to be GDPR compliant
The precise steps needed for GDPR compliance will differ from one organisation to another but all businesses should be looking at what needs to be done now as a matter of urgency.
In many cases, several months will be required to review existing business processes, identify gaps, and implement GDPR compliant processes. By starting now, you can gain a competitive edge ahead, avoid penalties and make improvements to your data management.
Some of these actions could include:
- Carry out an audit to document what personal data you hold, where it came from and who you share it with
- Consider if a data protection officer should be appointed
- Verify that your technology solutions are GDPR compliant, including CRM and email marketing
- Review privacy policies to make sure these are lawful with terms of the GDPR
- Assess if you hold express consent for contacts in your database
- Create a plan to obtain consent for existing contacts
- Define your opt-in statements and develop a double opt-in process that is connected with your CRM system
- Make your CRM system the one source of truth about each customer relationship—this will include email marketing preferences and opt-in consent
- Use CRM security controls including field level security and role-based security to protect data integrity and privacy
- Ensure processes are in place to detect, report and investigate data breaches
N.B. This blog post is not a guide for GDPR adoption and it does not aim to cover all the complexity associated with this regulation. For an expert GDPR opinion, please speak to a legal or regulatory advisor.
Need to manage your data better?
If you would like to find out more about CRM (customer relationship management) go to PREACT or let us know what you are looking for and we will put you in touch.
Are you feeling overloaded and need help getting you and your team focused?
I am a big believer in getting your plan on to one page. Business and management team coaching can help you to move forward and stay on track. www.jackiejarvis.co.uk
Take the First Step