Even though David Davis and Michel Barnier will likely still be poring over the fine detail of that Brexit contract, The General Data Protection Regulations "GDPR" will come into effect on 25 May 2018 and affect every single business and organisation in the Country. Ignorance is no excuse! So I'm committing to blogging on the subject over the coming months, to translate what this new regulation could mean to you...
Why should you care about GDPR?
Because these regulations will affect us all: you, me, big business, small business, not for profits and everything in-between! This regulation will come into force and have continuing effect in the UK because it applies whenever and wherever the personal data of an EU citizen is being processed. I'm not only talking about the obvious suspects like our local authorities and major database suppliers - the regulations specifically mention SMEs and micro businesses so that will capture pretty much every organisation out there. The only general exceptions are your personal lists like my Christmas card list or the volunteers for the mum's tea morning .... otherwise the vast majority of other collections of personal data of EU citizens are included!
But Nicolina - I'm not "processing" data?
You'd be surprised. If you're obtaining, recording, storing, updating and/or sharing the data of a living person..... you're processing. But you already knew that because you're registered with the Information Commissioner's Office - right? That's already current law under the Data Protection Act 1998!
So Nicolina, why should I care?
GDPR goes further and has wider implication than the existing Data Protection Laws. Further, its easier to get landed with a nasty fine in the event of your breach of GDPR - £££ fines - money that I'm sure you'd rather be spending on your business rather than handing over to the authorities.
What's the key point to GDPR?
You need to get clear, specific, informed consent from an individual to use and/or process their personal data.
Silence is not consent. You can't bury it in terms and conditions. You can't assume it. You can't pre-tick boxes for them. You can't cross fingers and hope for the best.
So all of those newsletter lists, marketing databases, list of prospective clients etc. - they are all caught and right now.... you have time to do something about ensuring you have the rights to use that information.
The GDPR regulations are long so I'm going to be doing a short series of articles on this topic written in plain English so you are aware of the impact of GDPR to your business. Check back soon. Better still..... please subscribe to the newsletter on my website! I will need your unqualified consent to email you next year.....
If you have any questions about GDPR, take a look at the ICO website https://ico.org.uk/ or just drop me an email to discuss how you can prepare for GDPR - firstname.lastname@example.org
GDPR is coming.... you have been warned!