Don’t Ditch your Data!

Most responsible companies are probably aware that in 2018, they need to be giving a bit more thought to how they store and use the personal information that they hold about their customers. This is of course in anticipation of the new General Data Protection Regulation, which is due to come into force this May 2018.

But don’t over-think it; and don’t overdo it. Understand your obligations and then think outside the box about how you can comply with them whilst at the same time maintaining your business objectives.

Here are our key areas to note about the GDPR:

  1. In advance of May 2018 there should be an awareness of the impact of the new law at every level of your company; and companies should audit data held, consents obtained and policies in place.
  2. The definition of ‘Personal Data’ has been extended to information which may be capable of identifying a person.
  3. There must be a basis for holding and using personal information. If there isn’t, then there must be unambiguous consent to use of the data unless you have a legitimate business interest for doing so. Old ‘opt out’ consents may no longer be adequate.
  4. You must give more detailed information about what your ‘data processing’ involves. This means that more detailed privacy policies should be issued prior to the taking of any personal information.
  5. Subject Access Request Rights (where an individual may ask about data that you hold about them) will change. There will be shorter periods for responses and the fee you can currently charge will be abolished unless the request is unreasonable.
  6. Sales to minors will need the consent of an adult.
  7. In some situations you will have to report significant breaches to the ICO and the owner of the data.

Savvy companies will be able to look at our seven key points and make them work for them and not against them. Maybe this is an opportunity to sell additional services at the same time as refreshing those consents that might not be quite as unambiguous as you’d hoped? Or is this a chance to show your customers just how seriously you take the security of their personal information by reaching out to them with details of your new policies? Don’t be deterred by the GDPR: after all, one man’s dream is another man’s nightmare (or is that over-thinking it!?).
