What is it?
- The General Data Protection Regulation (GDPR) is a new data protection regulation brought in by the EU that has to be obeyed by any company dealing with EU citizens’ data.
- UK companies will have to abide by GDPR despite Brexit.
- Deadline for compliance is 25 May 2018.
- Companies that are not GDPR compliant by this deadline face a fine of 4% of global revenue or €20 million (whichever is greater).
How it affects you
- One of the main objectives of GDPR is to give control of personal data back to consumers.
- This means that you will have to get explicit, informed consent to use your customers’ data for any marketing or sales campaigns or data analysis (like segmentation or targeting). It covers B2C and B2B campaigns.
- Under GDPR, consent must be given for each and every individual use of data. It will need to be regularly updated.
- Data cannot be held for longer than ‘reasonably necessary’.
- Customers must be able to withdraw consent at any time.
- The ability to not consent, or withdraw consent, to any marketing related data use must be explicitly explained to customers in a separate section to any other information.
- Customers can also request to see what records businesses have on them. You need to make sure customer data is accessible – and in a commonly used electronic format that is downloadable and APIs for transfer to other companies.
- You will need to know exactly where all customer data is stored, and ensure it is stored securely.
- You will need to know exactly where your data has come from (direct from customers, bought from third party etc.) and whether consent was originally obtained.
- Some companies may need to appoint a Data Protection Officer to oversee data protection processes in the company – this person can be in-house or a third party.
How we can help you
- Consultation Workshop – understand the implications of GDPR and what your business can do to get GDPR ready
- Data diagnostic – audit your data to ascertain how it is all held, whether consent has been obtained and what the most appropriate data management solution is to be GDPR ready
- Data management – modify, implement or create a data management platform
- Marketing diagnostic – review and modify your omnichannel marketing campaign to ensure it is ready for GDPR
- Automation – create workflows and other infrastructure that allows consent to be managed and data to be sent seamlessly
- Consent campaign – design and implement a campaign to gain consent from your customers
- Consent/compliance hubs – develop bespoke solutions to allow your customers to manage the marketing messages they receive