What is GDPR?

Replacing the UK Data Protection Act 1998, the General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. The government has clarified that the UK’s decision to leave the European Union will not impact the enforcement of GDPR. The regulation applies to both ‘controllers’ and ‘processors’, and covers organisations operating within the EU, as well as those outside the EU that offer goods or services to individuals in the EU. CIM is committed to enabling marketers and their organisations to ensure they are compliant and able to drive the correct handling of consumer data throughout their business, as well as taking advantage of the opportunity it affords marketing communications.

Who does GDPR affect?

Whilst GDPR affects everyone within an organisation, marketers are particularly well placed to ensure GDPR compliance throughout their business. With a superior knowledge of the customer, marketers are able to enter into a dialogue with consumers regarding the changes GDPR will enforce, and understand what customers are willing to tolerate.

Who regulates GDPR?

The Information Commissioner’s Office (ICO) is the regulatory body for GDPR. Their latest advice and guidance can be found here.

What are the fines for non-compliance?

Organisations that are found to be in breach of GDPR after 25 May 2018 can be fined up to 4% of annual global turnover or €20 million, whichever amount is larger. This is the maximum fine possible for the most serious infringements, such as not having obtained customer consent to process data. However, the fines are tiered based on the level of severity of the data breach.

What does it mean for SMEs?

Under GDPR, all businesses are required to gain consent for all data collected from individuals, as well as provide clear and comprehensive privacy notices to help these individuals understand how their data will be used. For SMEs, it is particularly important to note that businesses of all sizes need to be able to prove that consent was given if they want to process any form of personal data. Any small business that processes data for a client firm may also have to demonstrate that they have appropriate data-processing controls in place that comply with GDPR.

What does it mean for large organisations?

Whilst GDPR affects businesses of all sizes, large organisations need to consider key areas of the new legislation, such as: reconsent; double opt-in; ensuring existing data is compliant as well as new; using data across European borders; and the new Data Protection Act. These are areas that will receive clarification in the coming months, before GDPR is instated.

What is the Data Protection Bill and how does it relate to GDPR?

The Data Protection Bill seeks to apply GDPR to all of those areas excluded under the GDPR, creating one regime across the board. It also aims to ‘Brexit-proof’ GDPR so that after Britain withdraws from the European Union, GDPR will still work under UK law. However, it is currently unclear when the DPA will come into force, as it requires an order by the appropriate Secretary of State.

In what instances does a Data Protection Officer (DPO) need to be appointed?

A Data Protection Officer must be appointed where an organisation is either a public authority, or engages in large-scale systematic monitoring or processing of sensitive data.

How can CIM support your business?

CIM’s Data Right initiative urges organisations to take action on the issue of responsible management of customer data. We are asking organisations to make a pledge to do four things: be clear; show the benefits; show respect; and be in the know. This offers organisations the chance to be seen as a leader on the issue of data protection, and includes discounts on the Essential Guide to GDPR course offered by CIM. Our courses, articles and webinars can support your organisation in the transition to a post-GDPR period, with practical advice and guidance on navigating the new legislation.

Articles and Insights

  • GDPR – the marketing opportunity

    With potential fines for non-compliance on the horizon, GDPR needs to be responded to quickly and with diligence, but marketers should also recognise the positive side of the new legislation.

  • Top five tips to prepare for GDPR

    In today’s consumer-centric world, handling customer data is a business-critical issue for organisations. After GDPR, it will also become a legal imperative.

  • 7 GDPR tips marketers need to know

    Brand leaders Force24 provide seven GDPR tips for marketers, encouraging a ‘don’t panic, but act now’ approach from business leaders across the industry to ensure GDPR compliance come May 2018.

  • Practical Insights: What marketers need to know about GDPR

    This webinar with CIM course director Duncan Smith gives an overview of how GDPR will affect business; what marketers must do before it’s in force; and what the marketing landscape will look like post-GDPR.

  • Getting your data right

    CIM’s Data Right campaign urges organisations to take action on the responsible management of customer data. A recent CIM survey highlighted a key concern of consumers: who’s in control of their data.

  • Challenges and opportunities 2017

    In a continued period of data-driven marketing, marketers have the perfect opportunity. GDPR, with the potential fines and negative publicity for those who do not comply, must be a top priority.

GDPR Training

We offer a choice of courses, so you can learn more about GDPR in a way that suits you:

GDPR for the Marketer

An interactive online course providing guidance on how to ensure your marketing strategy and campaigns are compliant.


Essential Guide to GDPR and ePR for Marketers

A one-day course by Duncan Smith, explaining how to deliver successful, lawful, profitable and ethical direct marketing programs.


Contact us

Training enquiries training@cim.co.uk | Press enquiries media@cim.co.uk

