The General Data Protection Regulation (GDPR) is a process put in place to allow consumers a bigger say in how businesses utilise data such as email addresses.
What impact will it have on your law firm? How will this change the way legal businesses execute marketing communications campaigns?
Here are 11 essential things you need to know about the new GDPR:
- Some may wonder why the GDPR has been introduced if we already had the UK Data Protection Act 1998 (DPA). The GDPR is designed to keep up with an ever-increasing digital world. It covers a wider range than the DPA and extends the data rights of individuals even further. All organisations are obligated to create clear procedures and policies when it comes to protecting personal data.
- The new GDPR will be applicable from Friday 25th May 2018 – this is the deadline for all businesses in terms of drawing up new procedures and sorting their current data.
- Individuals will need to double opt in for marketing communications. This means businesses can no longer use pre-ticked boxes that force users to manually opt out of unwanted communications.
- It will apply to all businesses processing customer data within the EU and also businesses located outside the EU but offering products and services to customers in the EU.
- The UK won’t officially leave the EU for another two years, so the GDPR is still applicable to UK businesses offering products and services to UK individuals only.
- Consumers whose data was collected before the GDPR is enforced will still have the ‘right to be forgotten’ if they so wish. This means the controller of the data must completely erase all data held on the individuals – including copies of the data held by other organisations.
- Data held can include personal data such as IP addresses, bank details, social media profiles, social media posts, photos, emails, home addresses, telephone numbers and medical details.
- Businesses who don’t comply with the new GDPR could be banned from any data processing activities.
- If a business does not comply with the Regulation, then they could be fined up to 4% of their global turnover or €20 million – whichever amount is greater.
- A company cannot charge a consumer a fee if they request access to their own personal data. The data must be provided within 40 days of the initial request.
- If a company deals with the personal data of a child under 16 then parental consent will be required.
For more information call us today on 0800 133 7127 or email us at firstname.lastname@example.org.