GDPR and your Company

over 5 years ago


GDPR stands for the European General Data Protection Regulation (the “GDPR”). It will apply throughout the EU regardless of Brexit, and no UK business will be exempt.

The new legislation is intended to update, replace and encompass all the old law on data protection, such as the Data Protection Act 1998 (the “DPA”), so that data protection regulations are uniform across the EU (although most of the Data Protection Act is mirrored in the GDPR).

From May 2018 onwards, individuals will need to give you their consent for their personal data to be collected, and will need to know how their information is going to be used.

It’s clear that companies that hold CRM databases with masses of client and customer information are going to need to rethink their data storage processes. There are clear guidelines on how personal data must be processed, and it can’t be kept on file forever.

What is personal data?

Like the DPA, the GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. Any information that can be used to identify someone is personal data. For example, a list of customer names and addresses will count as personal data, as may a database of customer email addresses.

There is also a different set of rules regarding ‘sensitive personal data’, which all businesses should be aware of.

What are Data Controllers and Data Processors?

Data Controller: determines how and why personal data is processed.

Data Processors: anyone who processes personal data on the controller’s behalf, not as an employee but as a service provider or third-party affiliate (e.g. a data analytics provider).

All databases are going to take a knock, as all clients and customers are going to have to give their explicit consent to being on them. All businesses should be educated on the implications of the GDPR, but in particular, if you’re lucky enough to have a massive database full of clients and customers, get in touch with them sooner rather than later to get their consent.