The Positives of GDPR and what you should do now
There are only a few days now until the new GDPR law, which affects us all as individuals and business owners, becomes enforceable.
It feels as though we are in the departure lounge getting ready to get on the flight! Although your flight may have turbulence, it is going to get you to a beautiful destination.
GDPR is a fabulous opportunity
GDPR gives you the chance to make your business more efficient. However, the Data Protection Law and in particular GDPR is complex and a huge subject to interpret. Even lawyers are confused!
So, we have teamed up with Data Guru Andrew Roberts to create the best GDPR solution for small business owners. Our handy pack only costs £247 and will save you time and money. It is easy to go through and will save you hours of time.
What is all this GDPR fuss about?
The way we communicate has changed significantly over the last few years. We have all been bombarded by unsolicited emails and calls.
Things had to change. The GDPR has come out of a human rights movement – it is a mindset change! Your data belongs to you, not to the company that may be using your data without your permission.
The 25th of May is just a starting point, a line in the sand. We will have to continue handling data in a completely different way from now on.
What does this mean for small business owners?
It means that we need to know what data we have and what we are doing with it. I don’t just mean who we are emailing! The GDPR defines processing as more or less any aspect of touching data, including storage, transmission (e.g. email blasts) or alteration (updates).
Giving your business a shake-up is a good thing. Data is being elevated in our businesses in a way that it hasn’t before. We have to think about it rather than take it for granted. We have spent time over the years keeping our businesses going by thinking about our content and marketing strategy. The GDPR is raising the bar for data; it’s equalising data with other elements of a business.
Here are 3 time-sensitive actions to take before 25 May 2018
- Work out what data you have (we are talking personal data – anything which can identify a natural person).
- Create Data Processing Segments for all of your data. These are logical groups of data, which you process cohesively. For example, marketing communications to prospects, or processing employee data for the payroll.
  - This covers all data, including storage, transmission (e.g., email blasts) or alteration (updates).
  - Make sure you put B2C data (includes sole traders and partnerships) in a different Processing Segment than B2B.
- You need to identify and document one of the lawful reasons for processing the data in each of the Data Processing Segments (there is a choice of six).
After you have established your Data Processing Segments, you can see whether or not you need to email people to ask them to opt in.
If you are going down the consent route, most common for B2C businesses, rather than one of the other five lawful reasons for processing, then you need to look at your existing B2C contacts and decide if they opted in to your list in a way that complies with GDPR.
- Did they give their consent via an un-ticked box?
- Did they know what they were signing up for?
- Was no incentive given to encourage them to sign up?
If the answer to these questions is yes, then you don’t need to get them to opt-in again.
If any of your answers are no, you need to invite them to opt in again before 25 May – this is the most time-sensitive action of them all. After 25th May you can’t email them, and you should delete them from your lists.
It’s important to note here that legitimate interest is not a get-out-of-jail-free card. Yes, a lot of businesses will be correct in choosing this lawful reason for some of their processing segments, but the necessity and balancing tests must be passed and documented. This needs to be done by 25th May.
You also need to feed what you have established above into your privacy notice and tell people how you are going to deal with any objections to the individuals’ rights. The privacy notice can be put on your website and linked to your communications.
If you don’t comply with GDPR, you could be fined 4% of global turnover – but the ICO has said that they will not lead with fines.
Last week, they told small businesses, clubs, and charities not to PANIC but to take concrete steps towards being compliant.
Make sure you take action
Small businesses thrive and survive on reputation – can you risk it being damaged by not complying with this change to the law?
GDPR provides you with the ability to treat your data, respect who you are talking to and maintain your reputation as someone to do business with.
May 25th is not far away. If you need help, check out our easy, cost-effective product that will get you GDPR compliant in the shortest time possible. If you need further help, we also offer a bespoke GDPR service.