What is GDPR?
The General Data Protection Regulation, popularly known as GDPR, is a data privacy law that gives people more control over the personal or sensitive information companies hold about them. The regulation (which became enforceable from May 2018) holds individuals and companies accountable for their use and processing of personal data. It applies to everyone who processes the personal data of EU citizens, irrespective of location.
What falls under personal data?
Personal data is any information that could be used to identify a person. Under GDPR, the scope of what may be considered personal data is broad, ranging from a name, number, location or IP address to special categories such as race, sexual orientation or political belief.
To comply with the GDPR legislation, organisations must:
- Have a legitimate reason for processing data and obtain consent from customers for the processing and usage of their data.
- Give users the right to access or delete their data upon request.
- Ensure data collection systems are compliant with GDPR security protocols.
- Report security breaches within 72 hours to both customers and the supervisory body.
- And in most cases, appoint a Data Protection Officer to ensure company-wide compliance with GDPR requirements.
Organisations that fail to comply with GDPR can face heavy fines of up to 4% of their annual turnover. Over the past year the UK’s Information Commissioner’s Office (ICO) has levied fines against companies and individuals found in breach of the legislation. For example, Bounty UK Limited, a pregnancy and parenting club, was fined £400,000 for illegally sharing personal information collected for membership registration.
GDPR can be complex and difficult to understand. But it is important that organisations understand the different facets of the law and how it applies to their business operations.
At Kazient, we draw on our expert knowledge to provide the best guidance on the right course of action for your organisation. For instance, when GDPR was enacted in May there was a question about the legal basis for processing the data of existing customers. Many companies sent emails to their entire database asking for opt-in consent to receive future marketing. Drawing on our expertise, we advised our clients that this was not necessarily the best approach.
Instead, we suggested that they ask their customers whether they would like to opt out of having their data processed this way. In the former approach, companies found that no more than 7% of respondents gave their consent. This wiped out 93% of their database for future marketing. The companies we advised, by contrast, found that 2% opted out, with 98% of their customers allowing their data to be used by the company going forward.
Seek the expertise of data protection consultants to determine the best course of action when complying with GDPR.
Kazient Privacy Experts offers Data Protection, Privacy and GDPR compliance solutions, in a language you understand, to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to act as your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.