GDPR: Myth versus reality
The biggest myth about the new EU General Data Protection Regulation (GDPR) is that UK businesses don't have to comply because of Brexit.
By Elliot Paynter, Ignition CBS.
I was surprised to read recently that one in four businesses have cancelled preparations for GDPR while a further four per cent haven't even started.
GDPR is due to come into force in May 2018 - ten months before Britain is due to complete its exit from Europe. From then, it will be illegal to email anyone who hasn't specifically opted in to receive marketing communications from your business. Ignore the rules and you could be fined four per cent of your annual turnover.
Even after Brexit, this will still apply to UK businesses. The UK was heavily involved in the drawing up of GDPR, and so the reality is that we are likely to see a stringent equivalency law, rather than a watered-down version.
Five steps to take now:
- Awareness. Ensure key people and decision makers in your business are aware the law is changing.
- Consent. Start the opt-in process with your existing data.
- Best practice. B2C double opt-in processes are now essential for B2B.
- Define your opt-in statements. These should be clear and simple, leaving no room for doubt.
- Data Protection Officer. Designate someone to take responsibility for data compliance.