At the end of May, new data protection rules come into force affecting every organisation in the UK. The rules are designed to give individuals greater control over the personal data companies hold on them and what they do with it. Companies who breach the new rules can be subjected to significant penalties, with maximum fines up to €20million or 4% of annual global turnover, whichever is the greater.
Jade Greenhow, General Manager for Insight Data – who has been tracking the developments and implications of the General Data Protection Regulation (GDPR) since it was first proposed in 2012 – explains the new regulations and the implications it will have for all businesses…
“The last major overhaul of data regulations was 20 years ago, before Google, Facebook, Apple and other technology companies collected and processed the personal data from millions of people. In the UK we relied on the Data Protection Act 1998. However, with inconsistencies on data protection across member states of the EU, leaders from the European Parliament, Council and Union have come together and developed a new standard for the collection, storage and processing of personal data.
“If you hold any personal data – from employees to the names of your customers – it would be wise to conduct a GDPR audit, and clearly document the personal data you hold, how and when you collected it, and how it is used. You will also need to have a clear privacy policy, be able to show a legal basis for processing the personal data you hold, and have procedures in place to detect and report on a data breach (such as a computer hack or data theft by an employee).
“The GDPR specifically relates to the processing of personal data with emphasis on the ‘fundamental rights and freedoms’ of individuals (known as ‘data subjects’). This includes how organisations collect, store, transfer or use personal data and includes, for example, employee records, supplier and customer information or prospects/sales leads. Although the GDPR relates to personal data and not businesses, any data that can identify a ‘natural person’ will fall under the new regulations. This includes an individual’s name or email address even if they work for a limited company or LLP.
“The matter of ‘consent’ is a cause for confusion with many companies. Consent is one way to comply with the GDPR but there are in fact five other legal grounds for processing personal data, including ‘contract’ and ‘legitimate interest’. For direct marketing to new customers, particularly business-to-business, legitimate interest will be the legal basis for processing personal data although organisations will need to demonstrate that they balanced the interests and rights of the individual. Legitimate Interest is outlined in Article 6(1)(f) of the Regulation, and Recital 47 of the GDPR states clearly, “The processing of personal data for direct marketing purposes may be regarded as carried out for legitimate interest”.
“Insight Data marketing lists are continuously validated and updated and can help B2B suppliers in the glazing and construction industry comply with the GDPR. To comply with the GDPR it is essential that your data lists are valid and kept up to date. You will need to document how you collected the contacts on your database and have procedures in place to regularly update the information to ensure the data is accurate. For most companies collecting and managing your own marketing data list is likely to fall short of the new regulation unless you invest heavily in regularly cleansing and updating it.
“As a final note, despite the hype and surge of so-called ‘GDPR Consultants’ and GDPR seminars, there are in fact no qualifications or accreditations for GDPR and indeed the interpretation of the GDPR can vary between so-called experts. One thing is for sure though, you must make sure your business complies with the GDPR by 25th May.”
For more independent information and GDPR compliance guidance, visit the Information Commissioners Office (ICO) at www.ico.org.uk
Insight Data also publishes information and guidance for B2B marketing, visit www.insightdata.co.uk for the latest updates.