GDPR (General Data Protection Regulation) is a new regulation that will apply to all organisations that handle personal information of EU citizens. To comply with this regulation, your organisation will be expected to follow certain procedures.
The deadline for GDPR is 12 months away - coming into effect on May 15th, 2018. This may seem like a long time away now, but it will creep up, and it is vital to start working towards complying with this new regulation, or run the risk of facing a number of fines and a damaged reputation!
A survey carried out by Dell in October 2016 revealed that 80% of companies surveyed knew little or nothing about the impending changes. In fact, 97% of companies had no plan in place to address the GDPR at all…
Asking for consent should be separate from other terms and conditions, so individuals are clear what they are consenting to. Consent should not be a pre-condition of signing up to a service unless it is necessary for that service.
The GDPR recitals state that pre-ticked boxes are not a form of consent. Clear opt-in boxes should be used.
Where there are various different types of data processing that could be documented, allow for separate approval as much as possible to ensure consent has been given.
The ICO (Information Commissioner's Office) want organisations to be as transparent as possible which means giving consumers more control over what they’re consenting to.
Always tell individuals who your organisation is and name any third parties that the data will be shared with. The individual organisations that the data will be shared with have to be named, so be as clear as possible.
Maintain records of the consents you have. Document the following information:
It is important for your organisation to start thinking about the data processing activities for minors: verifying individuals' ages and gathering parental or guardian consent.
Individuals should have the option to easily withdraw their consent. This means that organisations should implement opt-out schemes that are easy to use and access, and individuals should be made aware of them at all times.
For a full overview from the ICO, please read “Preparing for the General Data Protection Regulation (GDPR)” or contact us to review your current marketing activities and data capture processes…