GDPR – Don’t panic, follow the rules.
“It’s not just about being compliant on 25 May, it’s about developing a culture that recognises the risk of non-compliance and has the tools and resources to manage those risks.”
Elizabeth Denham, UK Information Commissioner.
The GDPR (General Data Protection Regulation) is scheduled for introduction in less than one month’s time and, just like the panic that engulfed us with the millennium bug some 18 years ago, this new regulation promises similar excitement but without the all-night party and pretty fireworks.
Already we are seeing “email opt-in fatigue” as more and more organisations send check-box requests to their marketing databases. But before you push that panic button, take our advice and get someone in your organisation to read and understand what you need to do. It may be that you don’t need to get re-consent; you may be able to use the legitimate interest rule, but read and research the rules!
One of the most significant benefits in the B2B environment is the data sharing relationship between client/support and partners. You can no longer point the finger away from you. All parties must collaborate equally and transparently, plan and hold independent records.
So how do you make that plan? The ICO (Information Commissioner’s Office) has said that if you are prepared, and you record and manage personal data lawfully, fairly and transparently, it should be relatively pain-free. Here at Jump HQ we like reading, and if we can give you one piece of advice, it’s that! Get someone in your organisation assigned to GDPR and read the rules!
Some initial pointers to get you on the right track:
- Read this! GDPR The 12 steps to preparing for the GDPR
- Ensure your company has a data controller & processor in place (whether that’s a branch or an individual) and get them totally up to speed
- Identify high risk data – where is it? Where does it come from? Who sees it?
- Map the data flows – understand the different paths within your organisation and where data goes to
- Identify high risk outflows of data
- For compliance you need to build up a record of the data that you have
- If your company has over 250 employees, you are legally obliged to have records of process in place
- Less than 250 employees? Do it anyway, as it will be useful to demonstrate you have recorded your processes. See privacy by default for further information on why this is important
- Privacy policy on your website? Write it now. The ePrivacy legislation is still in draft, therefore your data online and any other marketing activity such as marketing calls, texts, emails etc. remains under the PECR (The Privacy and Electronic Communications (EC Directive) Regulations 2003) until the new ePrivacy becomes law
Even though right now we know GDPR is probably a less than popular acronym in your office, it will create a new normal of shared responsibility and remind us all that our digital selves have real value. This highly inclusive and analytical approach to the data records that we all hold as marketers and suppliers is a very good thing and highlights immediately that we are all involved, we are all responsible, we are all accountable – not just for ourselves but each other.
Don’t copy your neighbour’s/competitor’s/partner’s approach; do it for yourselves and do it right!
Need any further guidance on GDPR? Contact us, we’re happy to help.
Victoria Orford