What is GDPR? It’s a frequent question these days.
It’s been hard to miss the phrase GDPR being thrown about a lot in the news recently and many have been left wondering “what is GDPR exactly!?” Well, it will bring about a lot of change both for businesses and consumers, especially in regards to marketing campaigns that require businesses to use a lot of customer data.
Here’s everything you need to know about GDPR:
What is GDPR exactly?
GDPR stands for General Data Protection Regulation. It’s set to come into effect on the 25th May and is filtering through from EU law.
Before going into anything more detailed, you should be aware that GDPR security is essentially a massive upgrade to any existing data protection regulation. Also note that, even after Brexit goes through and the UK leaves the EU, GDPR will remain in place.
Who will GDPR affect?
GDPR affect any business that stores and uses customer data for any purposes. This includes businesses of all sizes, across all industries. It also includes anything you do with the data. For example, you might store data to then use on advertising campaigns on Google AdWords or Facebook. GDPR applies to everything you do. Similarly, you can only use data to send customers emails if they have opted in allowing you to do so.
What changes will it bring about
Broadly speaking, GDPR is a set of policies being brought in to ensure consumer data is:
• Collected more ethically
• Used with greater transparency
• Stored more safely
• Easily accessible by the individuals
Any changes being brought in are there to help meet these four aims. These changes include the following:
Individuals hold increased rights over their data
GDPR 2018 is making it clear that individuals hold complete control over their personal data. As such, they have increased rights about how their data is used. This includes the right to be forgotten. This requires you to delete any data you hold on an individual as and when they ask you to.
They also have the right to transfer any data you hold. For example, if you offer a service and your customer wishes to transfer their data to a competitor, then you must transfer this to the other firm and delete your records. You will need to have a clear process in place for customers to enact these rights.
As a business, you will be held accountable
It’s your responsibility to ensure that you are safely collecting, handling and storing any data. If you are found to be in possession of data that you shouldn’t have, then you will be held accountable. For example, if you are using customer data for advertising purposes on Facebook, but didn’t receive consent to do so, you are accountable. Now you get why it is important to know what is GDPR?
There are hefty penalties being enforced
The body in charge of monitoring and enforcing GDPR security is the ICO (Information Commissioner’s Office). They are having their powers expanded considerably.
This includes being able to carry out inspections as and when they wish. Also, the maximum fines they can impose have been raised. They can charge businesses up to £17 million, or 4% of global turnover.
How to get your business ready for GDPR
From reading all of the important changes above, you should already have an idea of how GDPR will affect your business. To make sure you are ready on time and to help you avoid any fines, here’s what you’ll need to get done.
1. Make sure you are receiving consent
Before you collect and store any customer data, you must ensure you have steps in place to receive consent. Google and Facebook have both made it clear that the onus is on all advertisers themselves. If you collect any customer data via your site, then be sure to include opt-in forms.
The recent Cambridge Analytica disaster is the most recent example of a large scale-misuse of customer data. It has made everyone well aware of the need to safeguard their data and to better understand who has it. This one scandal even led to Facebook scrapping their highly profitable Partner Categories programme altogether.
2. Put plans in place in case of a breach
By law, if a breach does occur then you have 72 hours to inform anyone affected if they face serious risk.
3. Grant customers access to data
Anyone whose data you have stored should have easy access to this information. Allow them this access and let them edit and delete it as they wish.
4. Consider hiring a DPO
If you have lots of sensitive data, then your company might want to consider hiring a Data Protection Officer. They will be specially trained in how to handle data and how to meet the new GDPR 2018.
5. Remove old forms from your site
If you have any forms on your site that collect data incorrectly, have them deleted. This includes those with auto opt-in forms.
6. Review third party suppliers
If you work with any third-party service providers, then take steps to ensure they are being compliant as well. If they are handling data that you collected, then you will be held liable in case of a breach.
7. Enhance your security systems
It is worth investing in your security systems to help prevent a breach. The ICO has the right to test your systems at any time. If they find that they are vulnerable in any way, then you can face harsh fines.
Ensuring your marketing efforts are GDPR compliant
The best way to ensure your business is GDPR compliant is to work with a specialist marketing agency who understands the new rules. That’s where anova comes in. Our digital marketing team is well versed in the changes GDPR will bring. They have worked with clients all across the UK to ensure their marketing practices are compliant.
This includes how data is collected, how it is used and how it is disposed of. Our marketing services extend across the board to include everything from email marketing to paid search. Whilst bringing all of your processes in line with GDPR, we can also optimise them to help you see greater returns. To find out more, simply contact our team today.