By May 2018, the UK will be moving towards a new data protection regulation called the General Data Protection Regulations (GDPR). GDPR will dramatically change the way businesses engage with customers and deal with data. As business owners and marketers, there are a lot of pointers to keep in mind while designing your new processes. Here is a rundown of what your business must take care of.
Controllers and Processors
The GDPR covers two specific types of entities that deal with data – controllers and processors. As an agency that offers marketing services to our clients, we handle confidential personal data of our clients’ customers. In this case, our clients are the controllers (of the data) while we are the processors. GDPR applies not just to controllers, but also to processors like us.
What Constitutes Personal Data
It is erroneously believed that only explicitly personal details like a person’s name or driving license number count as personal data. This is not so. A person’s name, age, sex, location, ID numbers and demographic details are all regarded as personal, and the GDPR also mandates that, in the case of anonymized data, any information that can be tied to a specific individual can be regarded as personal.
For example, suppose you state that the average income of your clients in London is £40,000. If it can somehow also be proven that you only have two clients in London and one of them has publicly provided their income details, then a third party can effectively work out the income of your second client.
Use Domestic Data Handlers
If you are making use of third-party data and file storage providers (cloud or hosted), then please make it a point to use a provider who is located within the UK or at least within the European Union. This way, you can rest assured that your data service provider is as ready for GDPR as you are.
Oh, and while you are at it, if you are a business outside the European Union, do not assume that GDPR does not apply to you. It applies to any business anywhere in the world that handles data of EU citizens.
Active Consent Is The Key
Active consent is everything. You can no longer have a pre-checked box at the bottom of your sign-up form and claim that your customers agreed to their data being used by your business. It doesn’t work that way. GDPR mandates that your customers actively consent to the use of their data. This means getting them to manually check a box where your data policies are explicitly stated.