General Data Protection Regulation

Are you ready for the GDPR? Without thinking about it too deeply right now, start with your gut reaction and answers to the following questions…

  • Have you started preparing for the GDPR?
  • Do you know how long you have left to get ready or finish getting ready?
  • Do you know when a Data Protection Impact Assessment needs to be carried out?
  • Do you understand the day to day impact this will have on your business, especially for marketing activities?
  • Do you know what the consequences are for your business if you are not ready in time?

If the answer is no to any of the above, we would suggest you get in touch with our data protection team at CCW.  Even under current Data Protection regulation, in this case, the Privacy and Electronic Communications Regulations, businesses are already being fined for trying to ‘tidy up’ their customer data in advance of GDPR, and getting it wrong – see this link:

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/03/ico-warns-uk-firms-to-respect-customers-data-wishes-as-it-fines-flybe-and-honda/

In short, most if not all businesses will be affected by this new law, and in some cases an entirely different approach will need to be taken for day to day operations and how personal data is dealt with. In particular, the question of how and on what basis the information you already have on your databases (whether for marketing or other purposes) will require review. As for new data, there are steps you can take during the next 12 months to ensure future use of that new data is compliant.

The bad news is Brexit (in case you were hoping) is likely to make no difference. The really bad news is that there is another privacy law waiting in the wings which will cause additional impact on top of GDPR (and, under present proposals, at about the same time). The good news is there is still time to start getting your procedures compliant (just under a year) but such compliance involves a lot of planning.

CCW can help you prepare for GDPR, including the preparation advisable before you contact the Information Commissioner’s Office (as suggested by the ICO in the link above) in case you are already in breach under the current regime.   In short, don’t bury your head in the sand around GDPR. Contact Emma Arcari or Stephen Cotton at CCW for advice.