GDPR is a new EU law, effective 25 May 2018, that grants an individual in the EU 8 rights over how organisations handle their personal data.

For an organisation, the simple way to understand GDPR is to know what the 8 rights are and have a process in place to comply with each one.

Individuals in the EU have 8 rights under GDPR:

1. Right to be informed

2. Right of access

3. Right to rectification

4. Right to be forgotten

5. Right to restrict processing

6. Right to data portability

7. Right to object to direct marketing

8. Rights in relation to automated decision making and profiling

GDPR has some terms you should know about.

Controller. The organisation that will use the personal data of an individual in the EU.

Processor. The firm a Controller will use to process the personal data, like us at Sensorpro.

Data subject. An individual in the EU that has shared their personal data with the Controller.

Key lessons from experienced GDPR practitioners.

Consent must be transparent and obvious, not hidden behind walls of text or pre-ticked checkboxes. Proof of consent should be readily available, and a single opt-in approach should be avoided.

If you already have consent, there is no need to re-consent. Recital 40 provides for legitimate interest in the case of an existing customer contract or relationship. Review Recital 171 to decide if previous consent will suffice.

Working Party 29, an independent European advisory body on data protection, issued new consent guidelines on 10 April, with excellent examples:

If a controller finds that the consent previously obtained under the old legislation will not meet the standard of GDPR consent, then controllers must undertake action to comply with these standards, for example by refreshing consent in a GDPR-compliant way.

Should I run a re-permission campaign?

Personal data should be encrypted and not stored as plain text. When personal data is encrypted, it is of no use without the encryption keys.

The Right to be forgotten and data use will impact multiple marketing platform functions like survey responses and segmentation.

Cookie pop-ups

Before GDPR, each country had a different implementation of the Cookie directive. For example, Germany had the opt-out method, with some countries using browser settings for consent. After GDPR, there will only be one cookie law in the EU without any national margin for discretion when implementing the rules. Under GDPR, tracking must be clear and consent freely given. For the avoidance of doubt, it is best to clearly identify all tracking cookies, including third-party cookies, in the privacy policy.

Based outside the EU

If a company is based outside the EU but stores data belonging to EU individuals, it is also subject to the new rules. One of the key requirements is that a company based outside the EU needs to appoint a representative in the EU.

In the UK, there is legislation in the works to transpose GDPR into UK law post-Brexit.

What are Sensorpro doing?

The Sensorpro marketing platform will help compliance with new options including:

Changes to subscriber data

Subscriber management tools to clean up lists and remove dormant or inactive contacts.

Signup forms won't allow pre-ticked options.

New options to reinforce permission.

Option for a survey response to be anonymized.

Easy reports to provide Subscribers with proof of opt-in or proof of form completion.

New Data at rest encryption option.

New streamlined signup process for your website.

Quick wins for Sensorpro customers

1. Add our new GDPR signup form to your website. It takes less than a minute, and you will be able to provide proof of consent right away.

2. Know how to use the anonymise option in your Sensorpro surveys and proof of consent reports.

3. Plan to migrate to our new Data at rest encryption platform.

4. Familiarize yourself with the new GDPR options by joining the next webinar.

Visit our privacy policy to learn how we comply with the 8 rights an individual in the EU has under GDPR.