The Locksmith Journal Mar/Apr 2018 - Issue 55 | Page 63


This time it’s personal: new data regulations

At the end of May, new data protection rules come into force affecting every organisation in the UK. The rules are designed to give individuals greater control over the personal data companies hold on them and what they do with it. Companies who breach the new rules can be subjected to significant penalties, with maximum fines up to €20 million or 4% of annual global turnover, whichever is the greater.
Jade Greenhow, General Manager for Insight Data, who has been tracking the developments and implications of the General Data Protection Regulation (GDPR) since it was first proposed in 2012, explains the new regulations and the implications they will have for all businesses…
“The last major overhaul of data regulations was 20 years ago, before Google, Facebook, Apple and other technology companies collected and processed the personal data from millions of people. In the UK we relied on the Data Protection Act 1998. However, with inconsistencies on data protection across member states of the EU, leaders from the European Parliament, Council and Union have come together and developed a new standard for the collection, storage and processing of personal data.
“If you hold any personal data – from employees to the names of your customers – it would be wise to conduct a GDPR audit, and clearly document the personal data you hold, how and when you collected it, and how it is used. You will also need to have a clear privacy policy, be able to show a legal basis for processing the personal data you hold, and have procedures in place to detect and report on a data breach (such as a computer hack or data theft by an employee).
“The GDPR specifically relates to the processing of personal data with emphasis on the ‘fundamental rights and freedoms’ of individuals (known as ‘data subjects’). This includes how organisations collect, store, transfer or use personal data and includes, for example, employee records, supplier and customer information or prospects/sales leads. Although the GDPR relates to personal data and not businesses, any data that can identify a ‘natural person’ will fall under the new regulations. This includes an individual’s name or email address even if they work for a limited company or LLP.
“The matter of ‘consent’ is a cause for confusion with many companies. Consent is one way to comply with the GDPR but there are in fact five other legal grounds for processing personal data, including ‘contract’ and ‘legitimate interest’. For direct marketing to new customers, particularly business-to-business, legitimate interest will be the legal basis for processing personal data although organisations will need to demonstrate that they balanced the interests and rights of the individual. Legitimate Interest is outlined in Article 6(1)(f) of the Regulation, and Recital 47 of the GDPR states clearly, “The processing of personal data for direct marketing purposes may be regarded as carried out for legitimate interest”.
“Insight Data marketing lists are continuously validated and updated and can help B2B suppliers in the glazing and construction industry comply with the GDPR. To comply with the GDPR it is essential that your data lists are valid and kept up to date. You will need to document how you collected the contacts on your database and have procedures in place to regularly update the information to ensure the data is accurate. For most companies collecting and managing your own marketing data list is likely to fall short of the new regulation unless you invest heavily in regularly cleansing and updating it.
“As a final note, despite the hype and surge of so-called ‘GDPR Consultants’ and GDPR seminars, there are in fact no qualifications or accreditations for GDPR and indeed the interpretation of the GDPR can vary between so-called experts. One thing is for sure though, you must make sure your business complies with the GDPR by 25th May.”
For more independent information and GDPR compliance guidance, visit the Information Commissioner’s Office (ICO) at www.ico.org.uk. Insight Data also publishes information and guidance for B2B marketing; visit www.insightdata.co.uk for the latest updates.