GDPR is due to replace the former EU Data Protection Directive and comes into force on 25th May 2018.
In summary, GDPR has been brought about partly because of the increased movement of data around the EU but also because, with advances in technology, the amount of data collected has increased significantly. This large amount of data and where it is stored are of major concern to the EU.
GDPR applies to all organisations processing data from EU residents and still applies to us after Brexit
Those firms who do not comply with the new GDPR regulations face larger fines, up to 4% of annual turnover or 20 million euros
Consent and how it’s given is being made simpler, the purpose of the consent given clearer and the withdrawal of consent easier
Any breach of the GDPR regulations has to be notified within 72 hours of the breach occurring
Consumers will have more access rights and a right to be forgotten
Privacy will be built into system design and privacy policies and terms and conditions will be clearer and more transparent
On the whole it’s widely believed that GDPR is a good thing for consumers. Instead of being bombarded with communications which are not relevant to you, you will now have a choice as to whether you wish to be communicated to by that company. Over the forthcoming weeks and months you will no doubt be inundated by companies asking you to update your contact preferences and this gives you a great opportunity to lose some of the “junk” email you receive that is of no importance or relevance to you.
You will also be able to revisit your contact preferences whenever you like and opt out of communication at a later stage should you wish to.
Your data will no longer be able to be kept indefinitely by companies. Companies will only be able to hold data where it has been collected for specified, explicit and legitimate purposes.
Companies will also have to hold your data and process it in a secure and appropriate manner and protect against any unauthorised processing and loss, damage or destruction.
Fox Grant have always been extremely careful with clients’ personal details and welcome GDPR as a positive step as we feel it’s in everyone’s interest. Here at Fox Grant we are doing the following in our efforts to be GDPR compliant by the deadline:
Undertaking a full risk assessment to include how and why we obtain data, how we process data and how we store data
Appointing a Board level data officer
Embedding data privacy by design which will include revisiting our Terms and Conditions and privacy policy to ensure they are clear, transparent and GDPR compliant
Liaising with all our suppliers (data processors) to ensure they have addressed GDPR compliance
Training all staff on GDPR
Communicating with our clients and asking them to update their contact preferences
Shortly we will be sending everyone on our database (except those who have unsubscribed) an email with a link to a contact preferences page. This page will allow you to tick boxes next to those types of communication you would like to receive. Where boxes are left unticked, we will understand that you do not want to receive this kind of communication.
By using this link you will be able to update your preferences at any time.
Where we have a legitimate reason to contact you, e.g. you are one of our current or past vendors or buyers, we will continue to communicate with you.
If you change your mind at any time and no longer wish to receive marketing communications from us you can email us at admin@foxgrant.com and we will send you a link so that you may update your contact preferences. If you have any questions at all about opting out or your right to be forgotten please call our office on 01722 782727 and we will be delighted to help.
Further information can be found on the ICO website or by looking at the GDPR itself: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
The Fox Grant GDPR guide has been written for guidance only and is not to be considered legal advice. The ICO website is a fantastic resource and will outline what steps to take in order to be compliant. If you have any questions, call the ICO information line or take legal advice from a GDPR specialist.