What is GDPR?
Replacing the UK Data Protection Act 1998, the General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. The government has clarified that the UK’s decision to leave the European Union will not impact the enforcement of GDPR. The regulations apply to both ‘controllers’ and ‘processors’, and is inclusive of organisations operating within the EU, as well as those outside of the EU that offer goods or services to individuals in the EU. CIM is committed to enabling marketers and their organisations to ensure they are compliant and able to drive the correct handling of consumer data throughout their business, as well as taking advantage of the opportunity it affords marketing communications.
Whilst GDPR affects everyone within an organisation, marketers are particularly well placed to ensure GDPR compliance throughout their business. With a superior knowledge of the customer, marketers are able to enter into a dialogue with consumers regarding the changes GDPR will enforce, and understand what customers are willing to tolerate.
Organisations who are found to be in breach of GDPR after 28 May 2018 can be fined up to 4% of annual global turnover or €20 million, whichever amount is larger. This is the maximum fine possible for the most serious infringements, such as not having obtained customer consent to process data. However, the fines are tiered based on the level of severity of the data breach.
Under GDPR, all businesses are required to gain consent for all data collected from individuals, as well as provide clear and comprehensive privacy notices to help these individuals understand how their data will be used. For SMEs, it is particularly important to note that businesses of all sizes need to be able to prove that consent was given if they want to process any form of personal data. Any small business that processes data for a client firm may also have to demonstrate that they have appropriate data-processing controls in place that comply with GDPR.
Whilst GDPR affects businesses of all sizes, large organisations need to consider key areas of the new legislation, such as: reconsent; double opt-in; ensuring existing data is compliant as well as new; using data across European borders; and the new Data Protection Act. These are areas that will receive clarification in the coming months, before GDPR is instated.
The Data Protection Bill seeks to apply GDPR to all of those areas excluded under the GDPR, creating one regime across the board. It also aims to ‘Brexit-proof’ GDPR so that after Britain withdraws from the European Union, GDPR will still work under UK law. However, it is currently unclear when the DPA will come into force, as it requires an order by the appropriate Secretary of State.
A Data Protection Officer must be appointed to a business in the case of an organisation being either: a public authority; or engaging in large scale systematic monitoring or processing of sensitive data.
CIM’s Data Right initiative urges organisations to take action on the issue of responsible management of customer data. We are asking organisations to make a pledge to do four things: be clear; show the benefits; show respect; and be in the know. This offers organisations the chance to be seen as a leader on the issue of data protection, and includes discounts on the Essential Guide to GDPR course offered by CIM. Our courses, articles and webinars can support your organisation in the transition to a post-GDPR period, with practical advice and guidance on navigating the new legislation.
Articles and Insights
GDPR – the marketing opportunity
With potential fines for non-compliance on the horizon, GDPR needs to be responded to quickly and with diligence, but marketers should also recognise the positive side of the new legislation.
Top five tips to prepare for GDPR
In today’s consumer-centric world, handling customer data is a business-critical issue for organisations. After GDPR, it will also become a legal imperative.
7 GDPR tips marketers need to know
Brand leaders Force24 provide seven GDPR tips for marketers, encouraging a ‘don’t panic, but act now’ approach from business leaders across the industry to ensure GDPR compliance come May 2018.
Practical Insights: What marketers need to know about GDPR
This webinar with CIM course director Duncan Smith gives an overview of how GDPR will affect business; what marketers must do before it’s in force; and what the marketing landscape will look like post-GDPR.
Getting your data right
CIM’s Data Right campaign urges organisations to take action on the responsible management of customer data. A recent CIM survey highlighted a key concern of consumers: who’s in control of their data.
Challenges and opportunities 2017
In a continued period of data-driven marketing, marketers have the perfect opportunity. GDPR, with the potential fines and negative publicity for those who do not comply, must be a top priority.
To learn more about GDPR and how it affects your business, attend CIM’s Essential Guide to the General Data Protection Regulation (GDPR) for Marketers, by course director Duncan Smith.