Clearview National January 2018 - Issue 194 | Page 5
INDUSTRY NEWS
GDPR: Far-Reaching Implications of New Data Regulation
Jade Greenhow, General Manager of Insight Data,
explores the new General Data Protection Regulation
(GDPR), a comprehensive new EU data protection
law that comes into force on 25th May 2018 and will
effectively replace the Data Protection Act of 1998.
The regulation has far-reaching implications for all UK businesses -
large and small - and is designed to standardise
data protection rules across EU countries. It is
already enshrined in UK law, so will come into
effect regardless of Brexit.
The GDPR specifically relates to the
processing of personal data with greater
emphasis on the ‘fundamental rights and
freedoms’ of individuals (known as ‘data
subjects’). This includes how organisations
collect, store, transfer or use personal data
and includes, for example, employee records,
customer information or prospects/sales
leads.
Although the GDPR relates to personal
data and not companies, any data that can
identify a ‘natural person’ will fall under the
new regulations. This includes an individual’s
name or email address even if they work for a
limited company or LLP.
COMPLYING WITH GDPR
There is considerable scaremongering
surrounding the GDPR, particularly as the
ICO (Information Commissioner's Office)
has new powers to fine up to €20m or 4% of
global turnover for non-compliance.
However, while it is true that compliance
will be more onerous with new standards of
governance and accountability, most well-run
companies will be able to comply by taking
appropriate measures. This includes reviewing
security protocols, having clearly defined
policies and conducting regular assessments.
Organisations should:
• Clearly document the personal data they
hold, how and when it was sourced, how
it will be used, how it is updated and who
will have access to it
• Demonstrate the lawful basis for
processing personal data
• Have freely available privacy policies
that are fair and easy to understand and
explain what personal data is held, how
it was sourced, for what purpose and the
legal basis for processing data
• Recognise the rights of individuals to
know what personal data is held and
why, and respect their demand to correct,
restrict or remove their data
• Have procedures in place to detect
and report on a data breach, such as
a computer hack, theft of data by an
employee or other breach
• Assign someone to take overall
responsibility for data protection and
compliance
GDPR AND MARKETING
There is widespread confusion about
marketing under the GDPR with some
pundits suggesting the new regulation could
have dire consequences for marketers because
of tighter opt-in ‘consent’.
The GDPR is explicit on the use of
consent - it must be freely given, specific,
informed, and unambiguous. Companies will
no longer be able to use pre-ticked boxes to
gain consent, or use confusing or misleading
methods.
However, consent is not the only way to
comply with the GDPR. There are six legal
grounds for processing data and for many
companies, particularly business-to-business,
legitimate interest will be the legal basis for
direct marketing purposes in accordance
with Article 6(1)(f) of the Regulation.
Indeed, Recital 47 of the GDPR states clearly:
“The processing of personal data for direct
marketing purposes may be regarded as
carried out for legitimate interest”.
Organisations will need to take all the
steps necessary to comply with the new
GDPR whether or not they use data for
marketing purposes - the rules relate to
the processing of personal data and the
rights of the individual whether this is a
customer, prospect, supplier, a membership
or circulation list, employee or any other
data subject.
MANAGING YOUR
MARKETING DATA LIST
To comply with the GDPR it is essential
that your customer and prospect lists are
accurate and kept up to date. You will need
to document how you acquired the data,
how you use it and how you keep it up to
date.
With customer data, this can be
straightforward, but for companies targeting
new customers, especially in trade and
commercial sectors, collecting and managing
your own marketing data lists is likely to fall
short of the new Regulation and could leave
your business exposed to serious fines.
Insight Data can help ensure you comply
with the new General Data Protection
Regulation and get the most from your B2B
marketing and customer acquisition.
Visit www.insightdata.co.uk/GDPR