GDPR — Transparent advice and implications for you
The EU General Data Protection Regulation (GDPR)
The GDPR is being enforced from 25 May 2018. UK organisations that process the personal data of EU residents have only a short time to ensure that they are compliant.
As you may already be aware, the GDPR (General Data Protection Regulation) implementation should now be completed across all UK and EU websites. This has a large impact on how you collect, store and process the data of individuals. We’ve put this blog post together as a means of providing an introduction to this and to advise on some steps that you will need to take to become compliant.
This does not just affect your website but all data collected on individuals, including your internal employee data. The GDPR has eight key points related to data and processing (e.g. using an email address for marketing). This legislation has been brought into action to ensure that individuals have more transparency and access to the data you collect on them. There is also the concept of informed consent with regards to data collection.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
There are other requirements if you collect or hold additional personal data. The ICO has good resources regarding this and is worth reading to ensure you are compliant across all aspects of your business: https://ico.org.uk/ico-introduction…
Steps to becoming compliant
No 1) First of all, you need to review your current database and consider if explicit consent was given. For example, the standard newsletter system used by Verse is not compliant, so we would either need to gain additional consent or, simply delete our database and start again.
No 2) Review your Terms and Conditions and Privacy Policies to ensure you’re compliant and also to avoid potentially hefty fines going forward. We can provide advice on this for you but ultimately, we would recommend seeking legal counsel as the buck stops with you.
No 3) Review your cookies policy, although this isn’t specifically related to GDPR, it is a legal requirement. Again, we can provide advice on your cookies policy but you are ultimately responsible for getting this right.
How Verse can help
*Our recommendations will as far as we are aware, make you fully GDPR compliant but we hold no ultimate responsibility over your actions.
No 2) Adding explicit consent to all your data forms. The scale of this can vary quite a bit, depending on how many data forms you have. It’s also important for your users/customers to understand what you intend to do with their data.
No 3) Integrating a system like MailChimp or Campaign Monitor. We would strongly recommend you go down this route as these systems are built for this particular purpose and their double opt-in consent will ensure that you’re GDPR compliment.