GDPR: We’re getting ready…Are you?
The new General Data Protection Regulation (GDPR) comes into force on 25th May 2018, but how will it affect you and your members? Here are five key things you need to know now:
1. It’s increasingly about ‘consent’ and the ‘lawful processing’ of data
GDPR brings a whole new focus to ‘consent’, or opting-in to communications and activity. For example, you need to actively gain consent (no more of those pre-checked boxes) and you must record that consent. Consent is also ‘granular’, i.e. people can consent to some things but not others.
2. Individuals will have more rights
Individuals have many more rights under GDPR, including the right to be forgotten, the right to move data from you to another platform (portability), the right to restrict data processing and the right not to be subject to automated profiling. This last one will have implications for you if you use an email marketing platform or do any online profiling of your contacts. Yes, that includes Google Analytics!
3. Your policies will need to be updated
Your cookie and privacy policies will need updating as will your internal data protection policy and all your consent notices. Do not underestimate how much time this could take. For example, your internal data protection policy will need to include a section on how you will detect, report and investigate data breaches.
4. You need to name any third parties you share data with
You will no longer be able to have the catch-all ‘We sometimes pass your details onto interested third parties’ check box option. If you share data with third parties you need to specifically name them at the point of consent and once again capture that consent along with the specifics of each consent.
5. Brexit will NOT affect the UK’s adherence to the regulation
If you have to comply with the current UK Data Protection Act 1988 or deal with anyone in the EU after May 2018 then you will have to comply with GDPR. Basically, if you store or manage data on individuals (members) then this change in regulation will affect you.
How we’re getting ready
We here at smartimpact have been, and continue to be, working hard to make sure that our CRM solutions comply with GDPR and continue to protect member data. We are working closely with our clients and third-party partners, such as Microsoft, to ensure compliance is built into the very framework of each system we deliver. This includes the right to be forgotten, the portability of data and privacy by design along with consent tracking and granular preference services.
We also believe in close integration between your website, membership/marketing teams and CRM to provide a central repository with audit history on all members’ consents captured.
It’s not long before GDPR comes into force – now’s the time to get your head around it all and develop an action plan. You can get a lot of information on GDPR from the ICO website (such as the 12 Steps to Take Right Now), from Microsoft (check out their GDPR Trust Centre website) and we are here to help and advise.
Call us on 0845 544 2043.