GDPR is pan-European legislation that harmonises data protection across all member states from 25 May 2018. GDPR reshapes the way organisations approach privacy and basically says:
If you store data about an individual in the EU, the individual should be able to access it, retrieve it, change it or transfer it somewhere else.
Data is any personal information stored about an individual in the EU, such as name, home address, IP address, phone number, photograph or email address.
If you already have consent, there is no need to re-consent. Recital 40 provides for legitimate interest in the case of an existing customer contract or relationship.
Personal data should be encrypted and not stored as plain text. When personal data is encrypted it is of no use without encryption keys.
The Right to be forgotten and data use will impact multiple marketing platform functions like survey responses and segmentation.
GDPR applies to individuals in the EU (data subjects), not just EU citizens. For example, a US tourist staying in Dublin who orders online from an EU firm becomes a data subject.
The Sensorpro marketing platform will help compliance with new options including:
Changes to subscriber data
Subscriber management tools to clean up lists and remove dormant or inactive contacts.
Signup forms won't allow pre-ticked options.
New options to reinforce permission.
Option for a survey response to be anonymized.
Easy reports to provide Subscribers with proof of opt-in or proof of form completion.
New Data at rest encryption option.
New streamlined signup process for your website.
If a company is based outside the EU but stores data belonging to EU individuals, it is also subject to the new rules. One of the key requirements is that a company based outside the EU needs to appoint a representative in the EU.
In the UK, there is legislation in the works to transpose GDPR into UK law post-BREXIT.
Individuals of the EU will have 8 basic rights under GDPR:
1 Right to be informed
2 Right of access
3 Right to rectification
4 Right to be forgotten
5 Right to restrict processing
6 Right to data portability
7 Right to object to direct marketing
8 Rights in relation to automated decision making and profiling
The maximum fines are up to €20 million or 4% of total worldwide turnover for very serious breaches. The fines are going to be proportional to severity and the maximum fines will only be levied in the most extreme of cases.
Examine your systems today and ask if each data item you hold on an EU individual complies with the 8 EU individual data rights.
Ask your cloud-based platform vendor where data is stored. If the data centre is based outside the EU, get explicit GDPR assurance and ask for their EU designated representative.
Ask us to complete a GDPR marketing audit for you. With our tools and processes, marketers can be assured of a healthy & compliant digital marketing capability for years to come.
Contact us for a free GDPR readiness consultation.
Preparing for GDPR includes training for staff and management, so that everyone understands their responsibility regarding the protection of personal data. The training should be relevant to each person's job, making it easier to apply on a day-to-day basis.
Online GDPR courses are available from Data Compliant including GDPR in practice (50 mins) and Recognising PII (15 mins). They use gaming techniques, making the learning experience engaging and fun.
1. If your signup form has pre-ticked boxes, untick them and make sure the language is clear. Get the new version for your account by contacting Support.
2. Know how to use the anonymise option in your Sensorpro surveys and proof of consent reports.
3. Plan to migrate to our new Data at rest encryption platform.
4. Familiarize yourself with the new GDPR options by joining the next webinar.
GDPR is important to our pan-European deployment. The Sensorpro GDPR capability with multi-language Signup forms & Subscriber activity dashboard are important tools that help compliance requirements. Sam Giles, Applications Analyst, WD40.