Impact Assessment: Getting ready for GDPR
Unlike Brexit Secretary David Davis – who admitted under parliamentary scrutiny this week that the government had made no impact assessments about how sectors of the economy would fare following exit from the EU – we believe in planning ahead. We’ve known for some time that new data protection laws are coming into force from the 25th May 2018 and we’re already making changes to ensure that our clients will be fully compliant with GDPR.
GDPR stands for General Data Protection Regulation. It is a set of laws that will apply to everybody living within the EU and to any company that handles the data of an EU citizen. Our nation may be hurtling non-stop towards the cliff edge of EU exit, but these laws come into force long before our proposed date of economic suicide. Think of them as a bump in the road.
Can you shut up about Brexit for one second and explain this GDPR thing properly?
The rules about how you are allowed to handle people’s data are changing. A new set of individuals’ rights has been established. If you have a database of client information, then you’d better make sure that the clients know that you have the information and are happy for you to use it. The legislation comes into effect on the 25th May 2018 and everybody needs to be ready, because the ICO have been given powers to issue BIG fines.
Great… more acronyms…
Actually, strictly speaking, they’re both abbreviations, not acronyms. An acronym is when the combination of initial letters is pronounced as a word, like NASA or laser. GDPR and ICO are just abbreviations.
So, linguistic pedantry aside, who or what are the ICO?
The Information Commissioner’s Office are the regulatory authority: the big boys who’ll be backing up individuals who think that their newly acquired rights have been infringed.
That’s the second time you’ve mentioned these new individuals’ rights. What are they exactly?
I thought you’d never ask! *clears throat*
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data-portability.
- The right to object.
- The right not to be subject to automated decision-making including profiling.
Hmm… they lost it a bit with that last one.
It sounds better in the original German. The point is that, come 25th May, every organisation that stores data – even if it’s just a list of email addresses for marketing purposes – has to make sure that it is compliant with all 99 articles of EU law in which these rights are enshrined. Moreover, it is not enough simply to be compliant; companies must be able to demonstrate their compliance.
And are you compliant?
Given the industry that we are in, we kind of have to be ahead of the curve on this one. We’re taking the appropriate steps for this stage of the switchover. We made sure all of the websites that we host have appropriate security some time ago. At the moment, we are familiarising ourselves with the requirements of GDPR and putting in place contractual changes where necessary. In the new year, we’ll be looking to update consent for email marketing and to train staff on the new measures that must be observed.
Sucks to be you.
This applies to everyone! Please don’t leave it to the last minute!
Everyone on our Digital Marketing and Email Marketing Packages can rest assured that we will have their websites and digital marketing fully compliant with GDPR well in advance of the May 25th deadline. We'll be keeping our clients up-to-date with the changes being made. However, if you have any specific concerns about the impact of GDPR from a digital marketing perspective, don't hesitate to get in touch with the team. You can call us on 01603 632552 or email email@example.com.