Drilcorp were recently invited to attend a seminar session at Sunderland Software City hosted by Mincoffs Solicitors. The topic of the day was the most popular discussion in marketing at the moment, GDPR.
With the deadline for GDPR fast approaching and as a marketer handling data, I jumped at the chance to attend.
Although there is no certainty as to whether GDPR will be part of English law after Brexit, it will definitely be relevant to all UK organisations from 25 May 2018 until the UK formally leaves the EU. Once Brexit is agreed and finalised, GDPR will continue to apply to UK organisations offering goods or services to, or monitoring the behaviour of, EU citizens.
Surprisingly, only one third of all UK businesses have started to prepare for the change, yet the fines that can be levied are up to 4% of a business's turnover.
Besides the power to impose fines, the Information Commissioner’s Office (ICO) has a range of corrective powers and sanctions to enforce the GDPR. These include issuing warnings and reprimands; imposing a temporary or permanent ban on data processing; ordering the rectification, restriction or erasure of data; and suspending data transfers to third countries.
The session covered the legal compliance needed and the changes being made to the regulations. Most importantly, it covered the role of data controllers and data processors and their responsibilities come May 25th. Data must be processed lawfully, fairly and in a transparent manner, and a record must be kept of all data processing activities.
If you are a marketing company that already holds a database list, it is a good idea to check where and when the consent for the data was obtained, and it is advisable to carry out a refresh of that data, allowing individuals to opt in or out. Bear in mind that most data bought from a data house or data owner can only legally be used for a period of six or twelve months from the date of purchase, and use is often restricted.
As per the Information Commissioner’s Office (ICO) GDPR guide, now is a great opportunity to review your current procedures for processing data and change to more appropriate ones if necessary.
Before the deadline you must prepare and carry out an audit of all of your data by updating internal procedures, amending privacy policies and ensuring that you have standard letters for subject access requests.
The process of preparation fills most of us with dread, and unless you are a very small business that only deals with business clients, the analysis of your data is going to be a lengthy one.
Larger organisations will need to consider their IT systems, HR data, customer and supplier data held at every site, and any data that is shared with a third party.
If all of this still makes no sense and the thought of a legal battle is on your mind, then Mincoffs Solicitors can help with a data audit and advise on the correct use and level of data processing to close any identified compliance gaps.