There is a lot of information buzzing around social media about the General Data Protection Regulation (GDPR) update coming in May 2018. Unfortunately, there are some myths floating around too, so we thought we would bust a few of them to help you get prepared for the switchover.
There is a transition period after the 25 May 2018
Wrong! Right now is your transition period. You need to be ready to be compliant by the 25 May. You have plenty of time, so don’t panic! There are lots of resources out there.
It’s a totally new law
Nope, it’s a new rendition of the Data Protection Act 1998 – except this time the loopholes have been closed and all of Europe is going to be compliant against the same guidelines. If you are already 100% compliant with the DPA, you might just need to do a little bit of updating and checking – but you will be fine. If you aren’t compliant with the DPA, it’s just a matter of getting in line with that and not skirting around the clauses. It’s mainly big corporations who hide their privacy notices in big T&Cs pages that no-one reads that need to change their practices. Make sure you can justify a reason for every bit of data you capture, providing transparency to the people who provided their data about what you are going to be using it for.
We’re going to get fined millions of £!
It’s fine, that’s not true – the Information Commissioner’s Office (the guys responsible for fining) WANT people to succeed. They are here to help, not fine companies! They have really helpful guidance and blogs on their site, and if they find your company is not compliant after the deadline they will give you advice on how to get compliant. It’s if you ignore their enforcement notice that you will become vulnerable to being charged.
It’s all about consent
Don’t get me wrong – get consent and don’t trick people into signing away all of their privacy. However, it’s more about transparency and justification than consent. If you need to collect data that is justified – then consent is secondary to justification. It’s all about the WHY.
With the right to be forgotten (or to give its proper name – the right to erasure), people have the right to withdraw consent – so make sure you aren’t solely reliant on consent.
Technology is the biggest worry
The biggest risk to data protection is people: disclosing information in error, losing laptops or mobile phones with data on them, not encrypting sensitive data. These are the biggest reasons for data breaches in the UK.
If you want to know more about GDPR, visit the ICO website for guidance and advice.
Disclaimer: This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. This blog provides background information in relation to understanding GDPR and its effect on you and your marketing practices – this is not the same as legal advice. If you would like legal advice on your GDPR practice, please contact a solicitor.