ADVICE PREPARING FOR GDPR
ADVICE Are you ready for GDPR ?
New EU rules on how you can use your customers ’ personal data - General Data Protection Regulation - are coming into effect next month . If you ’ re not already up to speed , we did a whip-round the experts for some last minute advice on how to fall into line
ROYTHORNES SOLICITORS By Julia Seary , company commercial partner , Rothornes Solicitors
How ready are you for GDPR ? General Data Protection Regulation , or GDPR for short , is the topic on everyone ’ s mind at the moment but what does it actually mean and how ready are businesses ? A recent survey revealed that only 7 % felt very prepared for the GDPR regulations . Instead the majority felt somewhat ready ( 50 %) with 25 % feeling not very or not at all prepared and 4 % having no awareness of GDPR at all .
Each business and industry have different ‘ pain points ’ with the new regulation but a good place to start is with an action plan such as this : 1 . Nominate a GDPR lead or Data Processing Officer
( DPO ) to front the initiative 2 . Carry out a data mapping review to understand what data you hold and where it has come from 3 . Update your customer facing privacy notices 4 . Review and update all relevant data-related policies and procedures 5 . Clarify and document the legal basis that you are relying on for processing data 6 . Remove any opt-out pre-ticked consent boxes and replace with opt-in boxes 7 . Check your marketing lists comply with the new regulation 8 . Understand how and when to respond to Data
Subject Access Requests ( DSARs ) 9 . Check your IT systems can properly support compliance 10 . Review all third-party supplier arrangements with regard to the new regulatory requirements 11 . Review any international data flow if relevant to your company
12 . Ensure staff are adequately briefed and carry out ongoing audits The key take home message is that you must have a lawful basis to process individuals ’ data . Whether it be in regard to marketing bulletins , IT security , customer relationships , employee data storage or data transfer , the core principles of data protection remain but with tighter controls .
There are many old and new rules coming into force but the crucial aspects to bear in mind for any industry include the tighter scope of explicit consent ( do you have it and , if not , how do you legally get it ), increased transparency ( the new ‘ right to be forgotten ’ and ‘ right to be informed ’ rules ) and the need to demonstrate compliance if the Information Commissioner ’ s Office ( ICO ) suspect any misconduct .
ARMADILLO CRM Nicholas Blake is the head of data and digital operations at Armadillo CRM , which specialises in customer relationship marketing
Despite GDPR changing the methods of capturing and managing customer data for good , the regulations don ’ t need to herald the end of useful data . There are still ways in which businesses can continue to gather useful data and , crucially , help gain customer trust at the same time . Here are the three essential areas to address . 1 . Justify the data you are collecting Once GDPR is in force you can only collect data for specific , explicit and legitimate purposes . Every company should be able to answer the question : “ Why are we collecting this data , and is it justified ?”
Transactional data is easier to answer – retailers have a legitimate reason to collect this so they can account for sales , manage stock and understand what products customers are buying . If there ’ s no personal data involved , this is even more straightforward .
Once personal data becomes involved , it becomes more complicated . Obtaining a person ’ s address so you can send them their order makes sense and this is a very specific purpose which is easy for the customer to understand . But , capturing their date of birth to deliver their order is a less clear proposition , unless ,
‘‘
Despite GDPR changing the methods of capturing and managing customer data for good , the regulations don ’ t need to herald the end of useful data
‘‘
24 JEWELLERY FOCUS
April 2018 | jewelleryfocus . co . uk