We know you need to make the most of your time, and that data protection compliance for businesses is a whole complicated matter. That’s what makes the new General Data Protection Regulation (GDPR for short) seem so daunting.
You could do with that mountain of rules and expectations succinctly clarified. So with that in mind, as part of our series on GDPR Business, we’ll provide you with answers to several frequently asked questions business owners have about GDPR in a short, three minute read.
As an added bonus, we’ll also reveal our official GDPR Toolkit for Businesses to help you understand how you can comply. You’re invited to download it below.
Start the clock!
What is GDPR and when does it take effect?
GDPR governs the full data protection rights of individuals online in the EU marketplace. The new regulation will replace the Data Protection Act of 1998, a rule which had governed strictly UK entities. GDPR will officially take effect on 25 May 2018.
Who is the official UK governing body for GDPR?
Each state within the EU has an organisation in charge of managing compliance issues and regulating GDPR. For the UK, it’s the International Commissioner’s Office (ICO).
What kinds of data are included?
You need to have safeguards and processes in place to address all forms of data that could in any way be traced back to an individual. This privacy-focused information can include data subject information (such as usernames, payment card numbers or web cookies) and personal data (like location, name, or date of birth).
What is a controller and a processor?
A controller is any natural or legal entity, public authority, body or agency which determines the purpose and way that personal data is processed.
A processor, by contrast, is the party that actually carries out the processing of the data on the behalf of the controller.
What is double opt-in?
Double opt-in is a key part of ensuring your company complies with GDPR and protects the data of the data subject. It involves a structure for data collection which not only collects the user’s data and contact requests but follows up to confirm that they approve your use of that data.
For example, a lead fills out an online form and ticks a box for you to contact them by email, but not by telephone. Under double-opt in you will need to then email them to confirm that they intended to opt-in and have given this specific consent. Equally, you would in no way, shape or form call them, whether they left their telephone number in the form or not.
Does Brexit cancel GDPR out?
Let’s keep it short - no, it does not. What happens if you don’t comply with GDPR?
Under prior legislation, the fines topped out in the UK at £500,000. Now, at its maximum, it can be whichever is the greater figure: 4% of annual turnover or 20 million Euros.
How can your team approach GDPR?
We’ve addressed this matter in our blog post regarding GDPR compliance - it’s worth a read. For the purposes of this question, it’s this simple:
- Determine who in house is affected by GDPR
- Ensure they address the ramifications of GDPR with their departments
- Audit all current data protection procedures
- Update them to comply with GDPR
To know more about what that consists of, read the above blog post, or scroll down to learn more about our free GDPR Toolkit for Businesses offer.
What should I do next?
We think that businesses could do with a Toolkit to tick off as they go full compliance with GDPR as May 2018 approaches.
That’s exactly what we’ve done for you. The Luminate Digital GDPR Toolkit for Businesses will address points like the ones mentioned above, as well as several others, in further detail so that you can breathe easy and ensure you’re fully compliant.
Download the Toolkit today - it’s time well spent.
Prefer to speak to someone? Book in an inbound marketing assessment with our in-house expert and Head of Digital Growth, Paul.