01892 570863

Sharp News

See our latest news articles

15/11/2017

What you need to know about the General Data Protection Regulation

If you haven’t heard about the GDPR yet, you might be in for a bit of a shock. The new legislation is being introduced on 25th May 2018 and is to replace the previous Data Protection Act which was put into place in 1998. This is partly to ensure smooth data flow between the UK and the EU post Brexit, but also because most of the rules and regulations were either out of date or weren’t strict enough. Here’s what you need to know about the GDPR in relation to your marketing activities.

Who is going to be affected?

Any organisation that controls or processes data will need to abide by the GDPR.  These are key terms under GDPR, so it’s worth understanding the difference:

  • A data controller states how and why personal data is processed
  • A processor is the party doing the actual processing of the data

So, the controller could be any organisation, from a profit-seeking company to a charity or government. A processor could be an IT firm doing the actual data processing.  If you do everything in-house, your business is both a controller and a processor.

Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they're dealing with data belonging to EU residents. It’s the controller's responsibility to ensure their processor abides by data protection law; processors must themselves abide by rules to maintain records of their processing activities. If processors are involved in a data breach, they are far more liable under GDPR than they were under the Data Protection Act due to strict guidelines.

Key points

In a nutshell, the GDPR means that your data handling processes have to abide by the following rules:

  1. Any data must be processed transparently
  2. Any data collected must have a specific purpose
  3. Once the purpose has been fulfilled, the data should be deleted

The rights of individuals

The most important point to take away from the new legislation is about consent. Previously, if you had information about someone you could use it to either contact them directly or send it to other organisations.  Under the GDPR, you will now need to directly ask for their permission to use their data, which now includes not only contact details but also IP addresses, financial information, mental health or culture (such as religious practices).

When asking for consent, you must be very clear about how their information will be used and who will see it.  Controllers must keep a record of how and when an individual gave consent, and individuals may withdraw their consent whenever they want.

The penalties

If your current way of obtaining consent doesn't meet these new rules, you'll have to bring it up to scratch or stop collecting data under that model when the GDPR applies in 2018.   If you’re not GDPR compliant in time, you may be hit with some serious fines – significantly more than under the current rules –  which could damage your income and your reputation amongst both clients and partners. You could also be faced with prosecution if you deliberately breach the Regulation.

GDPR is too important to ignore, so you need to start putting the steps in place now to make sure you will be compliant in time.  For more information, visit: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr

To find out more about how Sharp Minds Communications can help with your marketing, email communications@sharpminds.agency

Back to news

Want to drive your business forward?

Contact us