GDPR is pan-European legislation that harmonises data protection across all member states from 25 May 2018. It basically says:
If you store data on EU individuals, each individual should be able to access it, retrieve it, change it or transfer it somewhere else.
Data is any information stored about EU individuals: personal information like name, address and email address; historical information like employment history, medical history and credit history; and company data, including information about staff, customers, account holders and suppliers. GDPR affects everyone, whether you are a large multinational corporation or a small corner shop with one employee. GDPR reshapes the way organisations across the EU approach privacy.
Now is the time to confirm GDPR consent, whilst subscribers are active customers. Under GDPR, you may lose permission, as inactivity is not considered consent.
Personal data should be encrypted and not stored as plain text. When personal data is encrypted, it is of no use without the encryption keys.
The right to be forgotten and data use will impact multiple marketing platform functions, like survey responses and segmentation.
The Sensorpro marketing platform will help compliance with new options including:
Changes to subscriber data
Subscriber management tools to clean up lists and remove dormant or inactive contacts.
Signup forms won't allow pre-ticked options.
New options to reinforce permission.
Option for a survey response to be anonymized.
Easy reports to provide Subscribers with proof of opt-in or proof of form completion.
New Data at rest encryption option.
New streamlined signup process for your website.
If a company is based outside the EU but stores data belonging to EU individuals, it is also subject to the new rules. One of the key requirements is that a company based outside the EU needs to appoint a representative in the EU.
In the UK, there is legislation in the works to transpose GDPR into UK law post-Brexit.
Individuals of the EU will have 8 basic rights under GDPR:
1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to be forgotten
5. Right to restrict processing
6. Right to data portability
7. Right to object to direct marketing
8. Rights in relation to automated decision making and profiling
The maximum fines are up to €20 million or 4% of total worldwide turnover for very serious breaches. The fines are going to be proportional to severity and the maximum fines will only be levied in the most extreme of cases.
Examine your systems today and ask if each data item you hold on an EU individual complies with the 8 EU individual data rights.
Ask your cloud-based platform vendor where data is stored. If the data centre is based outside the EU, get explicit GDPR assurance and ask for their EU designated representative.
Ask us to complete a GDPR marketing audit for you. With our tools and processes, marketers can be assured of a healthy & compliant digital marketing capability for years to come.
Contact us for a free GDPR readiness consultation.
Preparing for GDPR includes training for staff and management, so everyone understands the responsibility regarding the protection of personal data. The training should be relevant to their job, making it easier to apply it on a day-to-day basis.
Online GDPR courses are available from Data Compliant, including GDPR in practice (50 mins) and Recognising PII (15 mins). They use gaming techniques, making the learning experience engaging and fun.
1. If your signup form has pre-ticked boxes, untick them and make sure the language is clear. Get the new version for your account by contacting Support.
2. Know how to use the anonymise option in your Sensorpro surveys and proof of consent reports.
3. Plan to migrate to our new Data at rest encryption platform.
4. Familiarize yourself with the new GDPR options by joining the next webinar.