How often do you hear the initialism GDPR at the moment? Well, you’re only going to hear more about GDPR – or General Data Protection Regulation, to give it its full name. And the bigger question is: have you done anything about it yet?
With all the bluster about GDPR going around (the copious marketing emails, events, seminars and eBooks), there still seem to be some basic misunderstandings about what’s happening in May 2018. As we approach the New Year, I thought I might weigh in to dispel a few misconceptions we discussed at a recent DirectionGroup GDPR Marketing Best Practice Event.
So, without further ado: here are my 6 lesser-known facts:
May 25th 2018 is just the end of the grace period for companies to prepare before any prosecutions begin. Once enforcement starts, there’ll be potential fines and repercussions for organisations not able to prove compliance.
With so much noise surrounding the General Data Protection Regulation (GDPR), the equally impactful ePrivacy Regulation seems to have been forgotten. The ePrivacy Regulation isn’t law just yet, but the plan is that it will be by May 2018.
It will still apply to any data involving EU citizens, and the UK will enshrine it into law. Plus, it comes into effect before the UK currently plans to officially leave the EU. Sadly, we’re going to have to take it seriously after all.
Unfortunately, it’s not quite that simple. Consent must be freely given, unambiguous, specific and informed and, of course, easy to withdraw. You will need to: provide comprehensive information (specific and informed) about what the person is consenting to; ensure they wouldn’t be disadvantaged if they didn’t consent (freely given); make sure there is no doubt as to what they are consenting to (unambiguous); and ensure there is no doubt as to whether they have given consent (clear affirmative action).
A lot of organisations are opting for a double opt-in process as a ‘belt and braces’ approach. While it presents an extra step for leads to take (and one that might cost you a few subscribers along the way) it does create a flexible consent process with additional options to gather more insight and generate higher quality, validated contact data.
The ICO is fundamentally here to help. If you’re worried about getting compliant on time, a statement of compliance might help demonstrate that you understand the regulations and have put a process in place. Showing due diligence will go a long way to minimising any consequences. And of course, you can engage directly with the ICO for help.
If you or your team are struggling to understand the implications of the GDPR, we can host a 1-hour session with your team to share insights, best practice and key steps to move forward between now and May. Get in touch for more information.