Everyone’s talking about GDPR, but what does it actually mean? Let’s start with the need-to-knows:
What is GDPR? GDPR stands for General Data Protection Regulation. It is an EU law that will affect anyone who handles EU citizens’ “personal data”.
What’s changing? There will be strict rules to follow, and tough penalties for businesses that don’t comply.
When is it changing? GDPR will come into effect on the 25th May 2018.
Will it affect me? Almost certainly – especially if you run a business. We all store and process data in many different ways, such as names, addresses and bank details of customers. If you’re based in the UK, much of this is likely to belong to EU citizens.
Will Brexit affect GDPR in the UK? Unfortunately, Brexit isn’t a get-out clause. The UK will still be a full member state of the EU in May 2018. It’s unlikely that much will change anyway, as UK businesses that handle data about EU citizens will still be bound by the GDPR.
What do these changes mean for your business?
There are steps you will need to take to ensure you are GDPR compliant. As a small business, the impact will be less extreme than for large corporations, but we all need to ensure we are on the right side of this new law.
In short, this is what you will need to do to be GDPR compliant:
There are serious penalties for businesses that don’t follow the rules. They are much tougher than those under the current Data Protection Act. You could face:
The Information Commissioner’s Office have produced an extensive guide to GDPR with some handy checklists.
This sounds like hard work – what’s in it for you?
Ultimately, these new directives will help protect people’s personal data and help everyone who handles data better understand their responsibilities.
“I’m pleased GDPR is coming,” said Joanne Bell, Managing Director of Bells Accountants and a longstanding client of Make Me Local. “These regulations are designed to protect our clients and our staff from a breach of data or from a small business inadvertently misusing the data that is in their care.”
What if other people store data on your behalf?
If other people are storing data for you, like a marketing agency or other supplier, both parties need to take responsibility for gaining data consent.
Your supplier’s obligations:
If a supplier is processing data on your behalf, you should update your contract with them to include some mandatory clauses. You can find more information on this in Article 28 of the GDPR.
How does this affect the way you work with your marketing agency?
The GDPR introduction should actually be great news for marketing as an industry. The regulations are being put in place to ensure data is used in the right way – they aren’t something that should worry you. This will weed out practices people tend to frown upon, such as:
These techniques are outdated and, whilst they might get leads, they’re unlikely to convert – they’re invasive and are more likely to irritate potential customers. This means agencies will have to think of new, more creative ways to market your business, which are more likely to attract new customers.
What are Make Me Local doing to protect data?
We’ve never used any of the shady techniques above, but we still have to ensure that we’re going to be meeting all regulations associated with the GDPR.
“We will be taking steps to ensure our clients’ websites are GDPR compliant,” says Lee Diggens, Head of Sales at Make Me Local.
“Any part of a website that is designed to capture data, such as a sign-up form, will have a suitable and explicit opt-in (or out) message. This way, we can be sure people fully consent to our customers using their personal data. We’ll be contacting all our clients individually about the changes in the near future.”
These are the steps we’ll be taking to ensure we’re GDPR compliant for all our clients:
We don’t want to be caught with our pants down when GDPR comes into effect, and we’ll be helping our customers to apply their own belt and braces approach!
Are you ready? Make sure you don’t leave yourself exposed…