Say Hello Hello to understanding GDPR
Say Hello Hello provide professional database cleaning and lead generation services, complemented with the latest digital marketing tactics. To find out how we can help your business to flourish, contact us today.
On 25th May 2018 the General Data Protection Regulation (GDPR) will come into effect across the EU. This legislation will have a huge impact on the way companies store and use personal information.
What is GDPR?
Until now, European Union member states set their own personal data retention laws, under an EU directive set in 1995. This new regulation effectively standardises the way companies that are based in the EU, or do business in the EU, store and use personal information.
So what counts as personal information?
Under the new regulation, any information that can be used to identify an individual, either directly or indirectly, is classed as personal information. This means that even a mobile phone number or email address, with no name attached, is covered and businesses must protect the data effectively.
GDPR and Consent
Consent is a big part of GDPR, with the burden of proof falling to companies that store and use personal information. If your business stores and uses personal information in any shape or form, under GDPR you must be able to demonstrate:
Who consented and how their consent was gained
A simple process allowing the subject of the data to withdraw their consent at any time
That consent was given for all purposes the personal information will be used for
That consent cannot be considered given if the subject of the data did not have a free and fair choice about whether to give it
An understanding that inactivity or pre-populated entry forms and tick boxes cannot be considered as giving consent
Could my business be exempt from the regulations?
No. All companies that do business in the EU and hold the personal information of EU citizens on file will have to comply with GDPR or face penalisation.
What does this mean for businesses?
In simple terms, under GDPR, consent to store and use personal information must be explicitly given and can no longer be assumed. Compliance and responsibility for the storing of personal information fall squarely on businesses. This means that individuals have the right to easily access, transfer or delete their data with any company that does business in the EU.
Under GDPR, individuals can:
Request a copy of their data from any company that possesses their personal information, for no charge, and find out what information is being used and why.
Request that their data is deleted under the ‘right to be forgotten’ so they are no longer contactable by a company and any related third parties.
Request access to their personal data in an electronic format that can, if necessary, be easily sent to another company.
Under GDPR, companies must:
Inform individuals of any security breaches (such as hacks, leaks or losses) that compromise the security of their personal data.
Design new systems with data protection and GDPR compliance in mind.
Ensure that data security is considered when designing and implementing internal processes and that only data that is ‘absolutely necessary for the completion of duties’ is kept in company records.
Say Hello Hello promote responsible data management. To ensure your contact database is well qualified before GDPR comes into effect, get in touch with us today and Say Hello Hello to professional database management and lead generation.