ARE YOU READY FOR THE EU GDPR?
In May 2018, the EU General Data Protection Regulation (GDPR) will replace the Data Protection Act, and it will affect all EU data your organization manages. The price of non-compliance can be business-critical, with fines of up to 4% of your annual turnover¹. What does this all mean? We delve into some of the common misconceptions about GDPR and separate fact from fiction.
WE ARE BASED IN THE UNITED STATES, SO THIS DOES NOT APPLY TO ME.
Fact: Wrong! If you process any data of an EU citizen, regardless of where your company is based, you must comply. That means any databases or mailing lists you have that include EU citizen data must follow the legislation.
I AM IN THE UK, SO I DON’T HAVE TO WORRY BECAUSE OF BREXIT.
Fact: Not true. GDPR will come into effect regardless of what happens with Brexit. Although the UK will leave the EU, you will have to comply if you process any EU data, regardless of your location.
I ONLY NEED TO WORRY ABOUT THE CUSTOMERS’ NAMES AND EMAIL ADDRESSES THAT I KEEP.
Fact: GDPR concerns ALL personal data. Any EU citizen data, including age, gender, ethnicity, genetics, economic status, personal address, telephone number, and any other identifying information, will have to be handled in compliance with this new legislation.
Make sure you don’t get caught out by GDPR! Take our half-day GDPR course and learn the valuable lessons you need to put this legislation into practice.
I CAN JUST KEEP TO THE SAME OPT-IN PROCEDURES AS BEFORE BUT CHANGE THE BACK-END HANDLING OF THIS DATA.
Fact: Guess again! You will need to make sure that for every piece of data you have on an EU citizen, that individual has explicitly given you consent to hold this data, and that it is used only for its intended purposes. You will also need to make sure that this consent has been unequivocally obtained, and not because somebody forgot to uncheck a box.
For course details, visit LearningTree.co.uk/1035
Source: ¹ http://www.eugdpr.org/key-changes.html
IF I OBTAIN SOMEONE’S DATA WITH THEIR EXPRESS CONSENT, I CAN KEEP THIS DATA FOREVER FOR MARKETING PURPOSES.
Fact: Not quite. GDPR will bring in the ‘right to be forgotten’. This means that you will not be able to hold any data for longer than necessary. It also means that you are only permitted to use that data for the original purpose for which you obtained it. If you need to use this data for an unrelated project, you will need to obtain new consent from the individual. This also means that if someone requests that their data be deleted, you MUST delete all of it, and it cannot be stored anywhere else.