For an organisation, the simple way to understand GDPR is to know what the 8 rights are and have a process in place to comply with each one.
1 Right to be informed
2 Right of access
3 Right to rectification
4 Right to be forgotten
5 Right to restrict processing
6 Right to data portability
7 Right to object to direct marketing
8 Rights in relation to automated decision making and profiling
Controller. The organisation that will use the personal data of an individual in the EU.
Processor. The firm
a Controller will use to process the personal data, like us at Sensorpro.
Data subject. An individual in the EU that has shared their personal data with the Controller.
If you already have consent, there is no need to re-consent. Recital 40 provides for legitimate interest in the case of an existing customer contract or relationship. Review Recital 171 to decide if previous consent will suffice.
Working Party 29 is an independent European advisory body on data protection and issued new consent guidelines on 10 April, with excellent examples:
If a controller finds that the consent previously obtained under the old legislation will not meet the standard of GDPR consent, then controllers must undertake action to comply with these standards, for example by refreshing consent in a GDPR-compliant way.
Should I run a re-permission campaign?
Personal data should be encrypted and not stored as plain text. When personal data is encrypted it is of no use without encryption keys.
The Right to be forgotten and data use will impact multiple marketing platform functions like survey responses and segmentation.
If a company is based outside the EU but stores data belonging to EU individuals, they are also subject to the new rules. One of the key requirements is that if based outside the EU, they need to appoint a representative in the EU.
In the UK, there is legislation in the works to transpose GDPR into UK law post-BREXIT.
The Sensorpro marketing platform will help compliance with new options including:
Changes to subscriber data
Subscriber management tools to clean up lists and remove dormant or inactive contacts.
Signup forms won't allow pre-ticked options.
New options to reinforce permission.
Option for a survey response to be anonymized.
Easy reports to provide Subscribers with proof of opt-in or proof of form completion.
New Data at rest encryption option.
New streamlined signup process for your website.
1. Add our new GDPR signup form to your website. Takes less than a minute and you will be able to provide Proof of consent right away. See how
2. Know how to use the anonymise option in your Sensorpro surveys and proof of consent reports.
3. Plan to migrate to our new Data at rest encryption platform.
4. Familiarize yourself with the new GDPR options by joining the next webinar.
GDPR is important to our pan-European deployment. The Sensorpro GDPR capability with multi-language Signup forms & Subscriber activity dashboard are important tools that help compliance requirements. Sam Giles, Applications Analyst, WD40.