If GDPR isn’t on your radar, then it should be. Don’t let the acronym fool you: this isn’t a new form of public relations. It’s the EU’s new General Data Protection Guidelines, and when they come into effect on May 25 this year, you’ll need to make sure you’re ready. Whether you’re a business owner or an administrative worker, you’re going to need to change some things about how you handle personal information, as well as understand what your rights are when it comes to your own personal data.
Got your attention? Here are eight reasons you can’t ignore GDPR.
1. It’s going to be the law
GDPR isn’t something to be taken lightly. As the most significant development in data protection for 20 years, it aims to align all data protection laws across Europe to help protect citizens’ personal data and, in particular, to govern how organisations handle and use this data. GDPR compliance isn’t something to be brushed aside; it will be something that businesses of all sizes and statuses will need to follow. It’s worth reading up on GDPR to find out more about what it’s all about.
2. The fines are significant
GDPR isn’t something to take lightly. The current Data Protection Act that’s in place in the UK carries a fine of up to £500,000 for breaching personal data, but the potential consequences of a breach are about to increase significantly. Under GDPR, companies that breach the rules could face a fine of up to €20m or 4 per cent of global annual turnover, whichever is greater. While this might cause panic for SMEs and startups, the Information Commissioner, who will be regulating the changes in the UK, says that fines will be ‘the last resort’. While fines won’t be handed out routinely, it’s still important that you comply with the new regulations.
3. It won’t go away with Brexit
Because GDPR is an EU directive, you might be led to think that it won’t affect businesses after Brexit, but sadly that’s not going to be the case. Even after Brexit, UK businesses will continue to work with people in the EU, which will make compliance necessary. Not only that, but the Information Commissioner has said that ‘EU law will remain UK law until the government sees fit to repeal it’, and GDPR regulations will continue to be the law in Britain. Therefore, it’s not a case of waiting to see what will happen in the next few months, and by the time May 25 comes around, you’re going to need to be ready.
4. It will change your approach to consent
Consent is the key word out of all the ones used in the GDPR. Under the new regulations, ‘presumed consent’ will no longer wash when it comes to gathering individuals’ personal data, and instead, you’re going to need to seek explicit consent to use their information. This means the end of pre-ticked boxes on forms and no more ‘please tick this box if you do not wish to receive further information from us’. People will now need to actively opt in to receive communications and will have the right to withdraw their consent at any time.
One of the key aims of GDPR is to prevent data leaks, something that has rocked the online community in recent years thanks to the increase in cyber threats. You’ll want to make how you store personal data even more of a priority from now on in order to make sure that you’re compliant. This doesn’t just apply to data stored electronically; it also applies to your hard data storage. One of the things you might want to think about is using scanning services to transfer your data electronically, making it easier to encrypt and keep track of. IT services in particular are shifting their focus to ensuring GDPR compliance and may be able to offer you regulation-friendly services to make sure your data storage systems are up to scratch.
6. It will affect how your own data is gathered and used
On a personal level, GDPR offers many benefits. If your inbox and junk mail are forever increasing in size with unwanted marketing communications, you can now remove yourself much more easily from their distribution lists. Over the coming weeks, you may notice more emails from businesses asking you to re-opt into receiving communications, something that you should take note of if it appears in your inbox. Pay close attention to any forms you fill in once GDPR comes into play, as you will have the right to complain about communications which are non-GDPR compliant.
7. It’s the chance to improve your marketing communications
While seeking explicit consent may seem like a tough chore for businesses, it could actually give you the chance to improve the way you communicate with consumers. GDPR will have an impact on marketing campaigns, but the way you gather and use personal data can give you the chance to offer people better, more relevant information, engage with them and build better trust. When you build better relationships with consumers, you’re more likely to increase your ROI, potentially making GDPR the shake-up you need to improve your marketing communications.
8. You’ve still got time to get your head around it
If this is the first you’re hearing about GDPR, or you’re still unsure of how the rules apply to you, you’ve still got time to get your ducks in a row. There are plenty of experts out there who will be able to advise your business on what it needs to be GDPR-compliant. You’ll also find useful articles online about what you need to do about GDPR which can help alleviate any concerns that you might have.
GDPR might sound like it’s going to be painful, but the intentions behind it are good. If you care about your own data and how it’s used and protected, you should apply the same care to others’ data too. While we wait for Brexit to take shape, this will be one of the key priorities for businesses over the coming months. Make sure you know exactly what you need to be doing before May 25 to ensure that you’re GDPR compliant.