Simple Actions to GDPR Compliance

With the new General Data Protection Regulation (GDPR) looming, you might well be one of the many now frantically assessing company processes and systems to ensure you do not fall foul of the new Regulation when it is implemented in May 2018. Even if you have been spared working on a direct compliance project, any new initiative inside your business is likely to include an element of GDPR conformity. And as the deadline moves ever closer, companies will be seeking to train their employees on the fundamentals of the new regulation, particularly those who have access to personal data.

The fundamentals of GDPR

So what is all the fuss about and how is the new law so different to the data protection directive that it replaces?

The first key distinction is one of scope. GDPR goes beyond safeguarding against the misuse of personal data such as e-mail addresses and telephone numbers. The Regulation applies to any form of personal data that could identify an EU citizen, such as user names and IP addresses. Moreover, there is no distinction between information held on a person in a business or personal capacity – it’s all classified as personal data identifying a person and is consequently covered by the new Regulation.

Secondly, GDPR does away with the convenience of the “opt-out” presently enjoyed by numerous businesses. Rather, applying the strictest of interpretations, using the personal data of an EU citizen requires that consent be freely given, specific, informed and unambiguous. It requires a positive indication of agreement – it cannot be inferred from silence, pre-ticked boxes or inactivity.

It is this scope, coupled with the strict interpretation, that has had marketing and business leaders alike in such a fluster. And rightly so. Not only will the business need to be compliant with the new law, it might, if challenged, be required to demonstrate this compliance. To make matters even more difficult, the law will apply not just to data newly acquired after May 2018, but also to data already held. So if you have a database of contacts to whom you have freely marketed in the past without their express consent, even giving the individual an option to opt out, whether now or previously, won’t cover it.

Consent needs to be gathered for the actions you intend to take. Getting consent just to USE the information, in any form, will not be sufficient. Any list of contacts you have or intend to buy from a third-party vendor could therefore become obsolete. Without consent from the people listed for your business to use their data for the action you had intended, you won’t be able to make use of the data.

But it is not all as bad as it seems. At first glance, GDPR looks as if it could choke business, especially online media. But that’s really not the intention. From a B2C perspective, there could be quite a mountain to climb, as in most instances companies will be reliant on gathering consent. However, there are two other mechanisms by which use of the information can be legal, which in some cases will support B2C actions, and will almost certainly cover most areas of B2B activity.
