Impending data legislation is an opportunity to build consumer trust and get ahead of the competition, says Melissa Chevin.
In just under a year’s time, the EU’s General Data Protection Regulation (GDPR) will come into force, giving individuals the ability to manage who has their data and what they do with it. It’s easy to view this simply as more red tape, but to do so is to miss an opportunity. Data is one of your most valuable assets and this changing legislation presents an opportunity to review and enhance your procedures and get ahead of the competition by guaranteeing privacy and building the trust that consumers hold dear.
Here we give you an overview of the main themes of the legislation and the areas you may need to action.
First, be aware that the definition of ‘personal data’ is broader than previously and includes posts on social media sites, computer IP addresses and work email addresses that contain an individual’s name. The Regulation makes no distinction between data in a work or private context. For some organisations, namely public authorities and those engaging in regular large-scale monitoring and processing of sensitive data, the appointment of a qualified Data Protection Officer (DPO) will be mandatory.
Going forward, consent for data use must be documented and be given explicitly by the individual for a specific purpose. Your programmes must also comply with the concept of ‘Privacy by Design,’ with an awareness of who is able to see and interact with your customer data at the heart of your planning. There are new requirements for data breach notifications, with the regulators and the individual having to be notified within 72 hours, and systems must be put in place to comply with the ‘Right to be Forgotten’ where by individuals can ask you to delete their personal data and stop using it.
Organisations found in breach of the Regulation will face significant fines of up to four per cent of annual global turnover and so now is the time to start planning (if you haven’t already started). For more detailed information or to address specific questions, please do email firstname.lastname@example.org or contact the BPMA regarding forthcoming training courses covering this issue.
To ask future questions of the clinic, contact Melissa on the email above.
Melissa Chevin is marketing director at Globefish Consulting and a BPMA board director email@example.com