The new GDPR requirements can seem a daunting prospect for your business. They will change the way you interact with your prospects and customers, and your duty to protect their data.
These new requirements are the first update to data protection regulations for the UK since the Data Protection Act 1998. A lot has changed since then, especially when it comes to the way you collect, store and use data.
There is a lot of scaremongering surrounding the new GDPR requirements. However, whilst there are some things you may need to do in preparation, it’s likely that you’re already compliant if you’re currently complying with the Data Protection Act 1998.
Still, you shouldn’t take the GDPR requirements lightly. The appropriate handling of personal data is crucial, and a breach of the regulations could leave you with a fine of up to €20 million or 4% of your global turnover.
Below, we’ve laid out some of the most important things we think you should know about the new GDPR requirements. And don’t worry – it’s not all negative!
The definition of personal data has been updated
Your obligations lie around your contacts’ personal data.
But what exactly is personal data? According to GDPR, personal data is anything that could be used to identify an individual.
For example, names, email addresses and phone numbers are all pieces of data that you’re likely to possess. This is the data that you’ll need explicit consent to hold. You’ll also need to take active measures to protect it.
Your contacts’ privacy is of the utmost importance
This may sound like common sense, but it effectively means that you’ll need to put your contacts’ privacy above any of your own interests as a business.
You’ll need to have systems and processes in place to protect your contacts’ data and minimise the risk of it being lost, damaged or processed in unlawful or unauthorised ways.
It will improve your sender rating and your company reputation
You’ve probably seen the countless data breach news stories scattered across the media over the last few years. Under GDPR, these kinds of issues will not only cost you a hefty fine, but also leave your contacts questioning your ability to keep their data secure.
By gaining explicit consent to hold data, you’ll be keeping in touch with only those contacts who genuinely want to engage with your company. This will mean better click and open rates, and ultimately a better sender rating.
You will have to report breaches
In the UK, if your company breaches GDPR, you’ll be obliged to report it to the ICO (Information Commissioner’s Office) within 72 hours of discovering the breach. You’ll also have to inform the contacts involved in the breach.
Not only will you be likely to face a fine, but you’ll also take a massive knock to your reputation.
Your contacts will have more rights regarding their data
When the new GDPR requirements are put in place, contacts will be able to request access to the records you hold on them. They’ll be entitled to receive this data within one month of requesting it.
Contacts will also be entitled to request that you erase their data from your system completely.
Your data is likely to become much cleaner
As mentioned above, you’ll need explicit consent from your contacts to hold their data. Unfortunately, this means many companies will probably suffer a large drop in their contact records.
However, as contacts will have easier access to their own data, they’ll be more likely to inform you of any errors in their details.
By cutting down and cleaning up your data, your database will contain more accurate information on prospects who are interested in your company.
If you’re worried about GDPR compliance, talk to Flowbird today. We can help you prepare for GDPR and ensure that you’re on the right side of the regulations.