Getting ahead: Tackling GDPR
14th November 2017
In recent months, there has been a huge amount of talk about GDPR - General Data Protection Regulation - which will come into force in May 2018. It's all about protecting Personal Data (data that can be used to identify a person, such as their name, address, or telephone number) and thinking carefully about how you acquire this data and use it within your own organisation.
Now that we live our lives online and surrounded by databases, this may seem a difficult task - but if you make a start now, it doesn't have to be onerous! Here's a quick summary of how you can get ahead.
Firstly, take a look at the ICO's very handy 12-step guide, which tells you very clearly what the whole thing is about: https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf
In terms of transparency, make sure you know what data you currently hold on people, and whether you have sufficient justification for storing it. Have you got these people's permission to store their data? And do they know what they signed up for? This will be particularly critical moving forward in order to comply with GDPR rules.
If you hold any personal data of others within your organisation, you must make sure that you lock it up securely, keep it confidential, and ensure that it cannot get stolen or leaked out into the public domain. You also need to make very clear in your privacy notice, and in all communications with your clients and associates, exactly how you are gathering their data, and what you are doing with that data to keep it secure. You also need to make it very easy for people to request that their details be removed from your database. You can no longer rely on an 'opt out' form of marketing - from here on, it must be completely 'opt in'.
Make sure that you put systems in place to obtain suitable permission from parents and guardians if you need to gather children's data in any way. You will also need to name a Data Protection Officer (DPO) in your organisation, who will be responsible for keeping an extra special eye on data protection moving forward and making sure that maximum controls are put in place to keep that data secure. Consent to contact people, particularly if you buy in data, is also a massive issue: http://www.coastdigital.co.uk/2017/01/25/general-data-protection-regulation-mean-digital-marketers/
Perhaps you are already well on your way to being ready for the new era. Or maybe it's just the beginning.
But to help you on your way, take a look at Nettl's Flowchart - take the test and see how well you are doing! https://www.nettl.com/uk/gdpr-start-here