The new General Data Protection Regulation (GDPR) comes into force in the UK in May 2018. It has generated a lot of tension within UK businesses with respect to the new obligations it will create when it comes to protecting and collecting consumer data. Your clients may currently have all sorts of questions about how the regulation is likely to impact what they do and how they deliver services. Thankfully, complying with the GDPR is not as complex as it seems.
Why is the GDPR a positive step?
It basically introduces a framework for dealing with personal data and that kind of clarity can only be a good thing for any business. For many IT companies this is going to mean finding new ways to engage with customers – based on what those customers prefer when it comes to contact frequency and methods – and offers the opportunity to provide a better service.
How might the GDPR affect services offered?
The GDPR is unlikely to affect the range or type of services on offer. The impact it will have is on the internal processes of client businesses: the way data is handled and the way customers are contacted. There are three key areas of concern that provide a foundation for preparing for GDPR compliance.
1. Taking data protection seriously.
Data protection has never really had the kind of prominence it has probably deserved, mainly because there have historically been few penalties for a lack of compliance. Now, however, the GDPR has changed this completely – businesses could be fined up to €20 million or 4%, depending on the mistakes made. So, it’s time to take data protection seriously, and that means being able to identify where sensitive data is held in a business, how it is treated and how safely it is stored. Every business should now have a dedicated Data Protection Officer who has an “expert” level of understanding of how the GDPR applies to the business, as well as of how the business treats its data. This may seem an onerous addition, but it will introduce transparency and accountability for personal data like never before.
2. The issues surrounding consent.
Remember the days when there were no rules with respect to customer contact? Consent is now required for almost every use of customer data for contact purposes. Not only that, but consent needs to be carefully monitored, because if it is withdrawn the business needs to act on that swiftly. The reality of implementing more careful handling of consent is positive: your customers are likely to feel happier and less harassed when it comes to communications.
3. Theft or loss of personal data.
For businesses that suffer a security breach of personal data under their control, the GDPR introduces new and much more demanding requirements for reporting and action. For those in the IT industry this means ensuring there is a comprehensive plan in place to respond to any security breach or loss of data, and that business continuity strategies not only include getting systems secure and up and running but also ensuring that the right people are told about what has happened. So, businesses will be more accountable, but this also offers the perfect opportunity to reassess and tighten up security and response procedures.
To find out more about GDPR, give the Marathon team a call today on 020 8329 1000.