INDUSTRYNEWS
PROUD SPONSOR OF INDUSTRY NEWS
GDPR question time
On 25th May new data protection rules come into force affecting every organisation in the UK . The rules are designed to give individuals greater control over the personal data companies hold on them and what they do with it . Companies who breach the new rules can be subjected to significant penalties , with maximum fines up to € 20million or 4 % of annual global turnover , whichever is the greater .
»»
INDUSTRY EXPERTS INSIGHT DATA have been tracking the developments and implications of the General Data Protection Regulation ( GDPR ) since it was first proposed in 2012 .
Clearview caught up with Jade Greenhow , General Manager , for some quick-fire questions and answers .
WHAT IS THE PURPOSE OF THE NEW DATA REGULATIONS ?
The last major overhaul of data regulations was 20 years ago , before Google , Facebook , Apple and other technology companies collected and processed the personal data from millions of people .
In the UK we relied on the Data Protection Act 1998 . However , with inconsistencies on data protection across member states of the EU , leaders from the European Parliament , Council and Union have come together and developed a new standard for the collection , storage and processing of personal data .
WHAT IS REQUIRED TO COMPLY WITH GDPR ?
If you hold any personal data – from employees to the names of your customers – it would be wise to conduct a GDPR audit , and clearly document the personal data you hold , how and when you collected it , and how it is used .
You will also need to have a clear privacy policy , be able to show a legal basis for processing the personal data you hold , and have procedures in place to detect and report on a data breach ( such as a computer hack or data theft by an employee ).
The Information Commissioners Office ( ICO ) website provides further information on compliance .
DOES GDPR JUST RELATE TO MARKETING ?
The GDPR specifically relates to the processing of personal data with emphasis on the ‘ fundamental rights and freedoms ’ of individuals ( known as ‘ data subjects ’). This includes how organisations collect , store , transfer or use personal data and includes , for example , employee records , supplier and customer information or prospects / sales leads .
Although the GDPR relates to personal data and not businesses , any data that can identify a ‘ natural person ’ will fall under the new regulations . This includes an individual ’ s name or email address even if they work for a limited company or LLP .
WILL I HAVE TO HAVE ‘ CONSENT ’ TO COMPLY WITH THE GDPR ?
This is a cause for confusion with many companies . ‘ Consent ’ is one way to comply with the GDPR but there are in fact five other legal grounds for processing personal data , including ‘ contract ’ and ‘ legitimate interest ’.
For direct marketing to new customers , particularly business-to-business , legitimate interest will be the legal basis for processing personal data although organisations will need to demonstrate that they balanced the interests and rights of the individual . Legitimate Interest is outlined in Article 6 ( 1 ) ( f ) of the Regulation , and Recital 47 of the GDPR states clearly ; “ The processing of personal data for direct marketing purposes may be regarded as carried out for legitimate interest ”.
CAN I CONTINUE TO USE MY EXISTING MARKETING / PROSPECT LIST ?
To comply with the GDPR it is essential that your data lists are valid and kept up to date . You will need to document how you collected the contacts on your database and have procedures in place to regularly update the information to ensure the data is accurate .
For most companies collecting and managing your own marketing data list is likely to fall short of the new Regulation unless you invest heavily in regularly cleansing and updating it .
Insight Data marketing lists are continuously validated and updated and can help B2B suppliers in the glazing and construction industry comply with the GDPR .
WHERE DO I GO FOR ADVICE ?
Despite the hype and surge of so-called ‘ GDPR Consultants ’ and GDPR seminars , there are in fact no qualifications or accreditations for GDPR and indeed the interpretation of the GDPR can vary between so-called experts .
As the UK ’ s independent authority , the Information Commissioners Office ( ICO ) is the best source of information on GDPR compliance www . ico . org . uk
Insight Data also publishes information and guidance for B2B marketing , visit www . insightdata . co . uk for the latest updates .
26 » MAR 2018 » CLEARVIEW-UK . COM