If your business stores any personal information – and that includes names, email addresses, and telephone numbers – you need to be aware of the data protection changes that will be enforced from May 2018, when the General Data Protection Regulation (GDPR) replaces the Data Protection Act. A common question is: what about the Brexit vote? It has no impact, as the UK will still be part of the EU in May 2018, so businesses need to comply with the GDPR.
One of the GDPR requirements is having consent to process personal information. Processing includes sending out marketing emails and SMS messages. Under GDPR, consent needs to be a ‘…clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data’. In practice, this includes making sure that website and paper forms provide details about why information is collected and what will be done with it. The GDPR gives details about what will not be acceptable:
- Silence (not giving details about processing)
- Inactivity (not giving people an option to opt-in)
- Pre-ticked boxes
The majority of companies already hold personal information that will not meet the GDPR requirements, but that isn’t an issue if you follow a process to request consent.
If you continue to give the silent treatment to personal information, you are likely to be fined, and fines can run into thousands of pounds, possibly up to €20m or 4% of global turnover.
Get in touch for more details about the consent requirements, how to deal with existing personal information that you hold and getting ready to comply with the GDPR.
t: +44 (0)7941 188462
For more details about GDPR, read our SME guide to the changes.