GDPR is Changing - Are You Prepared?
GDPR breaches can result in fines of up to 4% of turnover or 20 million, so it is imperative that your systems are up to date.
You may have heard that European GDPR and data protection rules are changing, and, like it or not, this is big news for your organisation's automated and online systems, particularly CRM.
Whether you're a charity, an international company with a hundred employees, or a one-person start-up working from home with your dog, if you collect and use customer data, GDPR affects you!
But do not panic: in this blog Six Ticks will help you to understand the new rules and get your business fighting fit and ready for GDPR!
What is GDPR?
The General Data Protection Regulation, or GDPR as it's commonly referred to, is a regulation by the European Parliament, the Council of the European Union and the European Commission intended to improve and unify data protection for EU citizens.
In short, it sets out the guidelines for how we collect, process, use and store customer data, whether through paperwork, websites, or CRM systems.
The new data protection laws come into force on 25th May 2018, so it's time to ask yourself: is your organisation ready?
Why the Changes?
The last GDPR guidelines were created in 1995, back when hardly anyone had email, websites, or mobile apps, so you could say the changes are well overdue. The way we submit and use data has changed massively over 20 years, so ensuring your online and automated systems are up to date is absolutely vital when it comes to GDPR.
The GDPR website itself describes the new rules as "the most important change in data privacy regulation in 20 years".
What Are the Changes?
There are a number of key changes which will impact the way businesses use, store and process customer data, and how the data subject can access this data.
Key changes will include:
- Consent - Clear and accessible forms must be used when collecting customer data with the purpose for data clearly stated as well as an easy way for people to give or withdraw consent.
- Double Confirmation - After the user consents, you will need to email the user to get them to confirm consent, before you can use their data for marketing purposes.
- Opt-In - You cannot assume someone has opted in or tick the opt-in box on their behalf. People must actively choose to opt in to any form of marketing, whether they are making a purchase or not.
- Breach notification - You'll be required by law to notify individuals of any breaches of your systems within 72 hours.
- Data access - Subjects will have easier access to information and the right to ask whether their data is being used, plus how, where and when it is being processed.
- Right to be forgotten - Individuals will (in most cases) have the right to have their data completely erased. Some systems "soft-delete" data by merely hiding it rather than deleting it entirely. This is likely to be unacceptable, because any data breach will still expose the records that have supposedly been "forgotten".
- Privacy by design - This rule means that systems must be designed to address data protection from the moment of capture, rather than trying to apply privacy after the data has already been stored.
- Re-Confirmation - Any data you collected before GDPR kicks in will still be covered by the new laws. This means that if you have already collected or purchased data for marketing purposes and cannot prove the customers have consented and confirmed, you will need to reconfirm the data.
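As an added illustration (not code from the original post or from Six Ticks), the following Python sketch of a tiny CRM table shows why soft-deleting a "forgotten" record is not enough: the application hides the row, but a raw dump of the database, which is what a breach or an exported backup exposes, still contains it, whereas a real erasure removes it. The table, columns and contact records are constructed sample data.

```python
import sqlite3

# Constructed sample contacts; not real customer data.
CONTACTS = [
    (1, "Ada Lovelace", "ada@example.com", None),
    (2, "Grace Hopper", "grace@example.com", None),
]


def build_crm():
    """Create an in-memory CRM table that uses a deleted_at flag for soft deletes."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, "
        "email TEXT, deleted_at TEXT)"
    )
    db.executemany("INSERT INTO contacts VALUES (?, ?, ?, ?)", CONTACTS)
    db.commit()
    return db


def soft_delete(db, contact_id):
    """What many CRMs do on 'delete': hide the row behind a timestamp flag."""
    db.execute(
        "UPDATE contacts SET deleted_at = datetime('now') WHERE id = ?",
        (contact_id,),
    )
    db.commit()


def hard_delete(db, contact_id):
    """Actual erasure: remove the row itself.

    On a file-backed SQLite database you would also run VACUUM (outside a
    transaction) so the freed pages are rewritten rather than left on disk.
    """
    db.execute("DELETE FROM contacts WHERE id = ?", (contact_id,))
    db.commit()


def app_view(db):
    """Emails the application shows its users: the soft-delete filter applies."""
    rows = db.execute(
        "SELECT email FROM contacts WHERE deleted_at IS NULL ORDER BY id"
    )
    return [r[0] for r in rows]


def breach_dump(db):
    """Emails in a raw table dump (breach, backup, export): no filter applies."""
    return [r[0] for r in db.execute("SELECT email FROM contacts ORDER BY id")]
```

After soft_delete the record disappears from app_view but is still returned by breach_dump; only hard_delete removes it from both.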
The full list of changes can be found on the GDPR website.
Should My Business Care About GDPR?
Organisations in breach of the new GDPR guidelines may be fined up to 4% of their annual turnover or 20 million.
The Data Protection Act and GDPR are a big deal, so if your business collects, uses, or stores customer data (even via third-party plugins or "just in WordPress") then you need to make sure all of your systems, plugins, and online forms comply.
But What About Brexit?
The GDPR itself does not say for certain whether Britain will still adhere to its regulations once Brexit takes place. However, it is highly likely that it will. Plus, if your business has even one customer or prospect record from the European Union, GDPR regulations will apply.
The UK government has also indicated that even if the UK is not part of GDPR, it will implement an equivalent or alternative mechanism.
So what is our advice on Brexit? Prepare for GDPR!
How to Prepare
With GDPR on the horizon, now is the time to review and invest in your databases and online systems to make sure you are ready for the new rules.
You might want to start by thinking about any areas of your business where you collect or use data. In terms of automated systems this could be:
- Online Forms
- CRM Systems / Databases
- Emailing campaigns
Here are a few things to consider:
- Do all of your online forms clearly enable the user to give consent for data use?
- Do your contact forms clearly state how data will be stored, processed and used?
- Does your website use HTTPS, and is your server secure?
- How does your business store and use data from emails?
- Does your CRM system follow GDPR guidelines?
- Does your CMS and every plugin you use follow GDPR guidelines?
- Are your systems and servers up to date with the latest security patches?
Are these all ticking the boxes? We also recommend that you look into the activity of each team and assess how each department collects and uses client data.
How Should My Business Prepare?
Your business needs to be able to demonstrate that it has addressed the GDPR guidelines and done everything it can to adhere to them and to protect client data. This may include improving processes, improving paper and software storage systems, updating systems, making changes to your website or CRM system, improving security systems, training staff, and introducing data protection training and practices for your workplace.
If your current systems do not do this then you need to start making changes now.
Let Us Help!
Six Ticks specialise in secure CRM systems, web development and mobile apps. We can help your business to prepare for GDPR!
We are currently offering a free digital and systems review to assess your online forms and processes. Get in touch for a FREE no-strings-attached digital review and get ahead of GDPR!