3 Important things your small business needs to know about GDPR

There is a growing buzz in the business community about the upcoming General Data Protection Regulation (GDPR) and what it will mean for small business.  In this blog we are boiling things down to basic principals.

We are not going to cover every single aspect of GDPR,  but we will give you a breakdown on the three most important aspects of the General Data Protection Regulation for your business.

Let’s start with a brief definition and deadline.

What: The General Data Protection Regulation is a change in EU legislation governing the way we manage personal information of our customers.

When: It was actually agreed and adopted by all member states in April 2017 but more importantly it is scheduled to come into enforcement on May 25th 2018.  This is the point where compliance becomes mandatory and fines can be applied to companies or persons found in breach.

The 3 most important things for you to know are:

Communication

As a business you will be required to tell your customers what information (data) you are collecting about them.   You will have to inform clients what you are going to do with that data and how long you are going to hold onto the information.

It is a good idea to carry out an audit of the data which you currently hold on your customers and update your practices to match the new guidelines.

Generally speaking,  terms of business, terms and conditions of sale and, most importantly, your privacy policy documents must be updated to fall inline with the new regulations.  In particular,  you should pay attention to which third party services you share your customers data with.

Consent

Customers must now give specific consent to the use of their data. You can no longer collect it for one purpose and use it for another without express permission.

If you operate an online store or website that collects personal information you may well use the, all-too-familiar, tick-box, “Add me to your mailing list”.  Most websites have this box ticked by default.  From May onward this is no longer acceptable.  Customers must give consent by actions rather than inaction.  They must tick the box themselves.  This will force you as a business to create better incentives for your customers to join your marketing efforts.

Another consequence of this regulation is that all existing data must be brought in line with the regulations.  If you all ready have a mailing list you must have specific consent for each person on the list.  Many larger companies are already running re-commitment campaigns to get their lists up to scratch.  This type of campaign can decimate the volume of emails addresses or mobile numbers you can communicate with, so it is important to plan carefully, we can help with this.

You can expect to see a growing number of these Re-Commitment campaigns as the deadline for compliance approaches,  so best not leave it too late.

Control

Your customers will have much greater control of how you handle their information. They have the right to be forgotten,  and If they ask you to destroy information you hold on them,  you will need to comply with that request within a 30-day period.

They have the right to access, you have to be able to show the information you hold on them within a 30-day period.

You must also make the data you have on that customer portable and if they want to move to an alternate provider you have to facilitate that.

To recap, you have to communicate in a transparent fashion with your customers.  Your customers must give you specific consent and they have much greater control of the data you hold.

For more details or pop over to the data protection commissioners own website gdprandyou.ie/ for the whole story or if you want help in getting your marketing efforts in line then just get in touch