As a marketing, recruitment or sales business, data on customers and clients is vital to your day to day operation. That applies especially to businesses which rely on cold contact like recruitment or call centre sales. GDPR is the latest in government and EU privacy laws which direct what can and cannot be done with data—so it’s absolutely vital that your business, no matter which industry you’re a part of, is prepared for it.
So what is GDPR, what does it change about our current data privacy laws, and what should you do to prepare? That’s what this guide aims to answer.
GDPR is a brand-new EU regulation, which is coming into force this year. GDPR stands for General Data Protection Regulation—so you can guess that it’s a law which relates to how businesses collect, store and use their customers’ personal data. It will come into force in May 2018, so now is the time to get compliant, before it’s too late. So let’s take a look at exactly what GDPR changes!
GDPR introduces a number of new rights for citizens of the European Union. Specifically, it gives them the right to tell a business what to do with their data, in a way not dissimilar to how enrolment with the TPS (Telephone Preference Service) gives people the right to ask for their records to be removed from a call centre’s telephone database. Under GDPR, European citizens have the right to access and correct or demand the deletion of their personal data from a business’ records, no matter which industry your business is a part of.
GDPR also changes the way that businesses go about asking for their customers’ consent to collect, process or sell their data. To be specific, it requires that you ask for a customer’s ‘explicit consent’ in order to process their data in certain ways. Explicit consent, as defined by GDPR itself, is:
…Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
As it happens, this isn’t a million miles away from the regulations we already have in place. However, GDPR sets some new guidelines with regards to how businesses obtain consent and process data. For instance, all businesses have to store data securely– any data breach must be reported to a local authority within 72 hours, or the organisation in question could face a significant fine. This is a reaction to breaches such as those that hit Uber, and were covered up; had GDPR already been in force, Uber could have been fined up to €20m.
GPDR necessitates greater safeguards against breaches like these through increased day-by-day security. Under GDPR, your business will have to:
These few changes make it obvious why businesses worldwide are spending billions on GDPR compliance.
Any business that needs personal data for marketing or direct sales will be particularly affected by these changes. That being said, GDPR affects practically every kind of business, including every single one that needs to collect and store customer data. The good news is that GDPR won’t require you to ask for ‘fresh’ consent from each and every one of the data subjects in your database, provided that their data was obtained in a way that meets GDPR standard -in other words, meeting the threshold of ‘explicit consent’ above and the guidelines in the final section below. Let’s face it – if you are collecting email addresses without concent, it’s also likeley to be a bbig tell-tale cause of a shrinking subscriber list because no one likes to be just added to a list.
More widely, any business that collects personal data for whatever reason—like an online marketplace that needs names and addresses to make deliveries, or a software developer that requires users to sign up and provide details before allowing access to their product—will have to review their data collection and processing policies.
GDPR also introduces a penalty for non-compliance which is more than just a slap on the wrist. If you breach GDPR, the maximum penalty that you can be fined is 4% of annual global turnover up to a maximum of €20m. The penalties are tiered. You will be subject to the maximum 4% fine for serious infringement, such as not seeking customer consent for what you want to use their data for. Conversely, you will be subject to a 2% fine for not having your records in order, or for failing to correctly report a data breach.
As we mentioned above, you don’t have to operate in the European Union to fall under GDPR. If in any way you process the data of individuals within the EU, or sell to individuals within the EU, then the way that you collect and use their data must be GDPR compliant. Regardless, the UK government has indicated that their post-Brexit implementation of certain EU laws will include GDPR or an equivalent of it. So, post-Brexit—or no matter what happens with regards to politics—if you do business in the EU or with EU citizens, you’ll have to be compliant.
What you have to do is to make sure that your current requests for consent meet these guidelines below. If they don’t, you’ll have to change your privacy policy.
Naturally, this is just a brief overview of what you may or may not need to change. GDPR might mean that you have to make wholesale changes to how your business operates, or you might not have to change a thing. If you’d like to know more about the specific changes you should put in place to make your website GDPR compliant, look out for the Part 2 of this series coming soon.
How to Score: Lead Scoring Strategies for CRM Users
09 May 2018Scoring leads is one of the many uses of CRM software, but there are many pitfalls you can fall into if you’re not careful. In this article we’ll cover just how to get ahead of the competition when it comes to CRM and touch on the best strategies....
“No sales from my E-Commerce store but my traffic is decent, what do I do?”
19 April 2018For anyone who wants to make a living from E-Commerce, you’ll likely run into the above problem more than once. Sadly, having a lot of traffic is not a clear indicator of consistent business performance. If you invest a lot of money into getting...