Taking the Guessing Game Out of GDPR – A Point Creative Show & Tell
Let’s face it, GDPR is shaking up the marketing world. Some of our clients are hot on the topic and already have their policy and procedures aligned, others are still figuring it all out.
With the looming 25th May 2018 deadline, we at Point Creative are in the throes of the GDPR journey and thought it would help take the guessing game out of what we all need to be doing, by sharing our findings and actions with you as they unfold, here in this very blog.
First off, let’s start with what GDPR is.
GDPR = General Data Protection Regulation
Due to recent advancements in technology and potential risks to personal information, a requirement has been identified that any business that controls or processes data, and that trades within the EU or with EU data, needs to comply with the same standardised system – GDPR.
Thankfully, if you comply with the current Data Protection Act 1998, you’ll be pleased to hear that many of the main concepts remain valid for the GDPR regulations coming in from 25th May 2018.
However, there are lots of improvements and new elements that you will need to keep your beady eye on to inform changes to your existing policies and bring in some new approaches.
Pre-ticked opt-in boxes are now a no-go. Explicit consent must be given for the use of anyone’s personal data. The person must have chosen to check the box. If there’s a breach, you’re directly liable and you have a duty to report it.
Even when the individual has given their permission, if you plan to use this information for multiple purposes, then they also need to have given permission for each place you intend to use it.
Accountability: you must keep records of how, when and why that consent was given by the individual, plus how they were told their data would be used.
The terminology used during this process must be clear and straightforward. It must be easy for the person to understand what they are providing permission for and it must be equally easy for them to terminate that permission further down the line.
What do you need to do?
A review of your current consent process is a good place to start. Does it meet the GDPR conditions? If so, all good. If not, you’ll need to request that consent again from the individuals.
You’ll also need to make sure that, if you use this information for multiple purposes or a third party also plans to use this personal data, the individual gives permission for each of these areas too.
Make sure it is effortless for an individual to give their consent and to withdraw it just as quickly. That’ll make it easier for you too!
Keep a beady eye on GDPR and make sure you stay up to date and have regular reviews with regard to your data use.
Carry out assessments on any new technology/systems to make sure they adhere to the current requirements.
In some cases, depending on the type of business you work within, you’ll need to designate a Data Protection Officer to make sure you comply with the requirements.
A Useful GDPR Email Campaign Example:
Links We’ve Found Useful:
For further information, please consult the ICO and their Guide to the General Data Protection Regulation, see links below.
Their document “is a living document and we are working to expand it in key areas. It includes links to relevant sections of the GDPR itself, to other ICO guidance and to guidance produced by the EU’s Article 29 Working Party. The Working Party includes representatives of the data protection authorities from each EU member state, and the ICO is the UK’s representative.”
The ICO have also provided guidance on privacy notices, which helps illustrate the differences and how they should be laid out going forward.
How GDPR ready are you? We’ve found a useful quiz:
Point Creative’s GDPR Journey To Date:
✓ Admitted defeat that GDPR is coming, and yes we do need to make changes!
✓ Augmented knowledge with CIM Online Course ‘GDPR for the Marketer’
✓ Database cleansing in full swing
✓ Checked third party GDPR compliance
✓ Updating e-subscription process
A legal disclaimer:
Whilst we’re well read on the topic, we’re merely trying to help steer through the joys of GDPR. We’re not the legal bods on all the ins and outs of the up and coming regulations and will not be liable for your actions.