The GDPR has been a hot topic for some time now. However, with the deadline for compliance just weeks away, it has become even more crucial for businesses to be able to demonstrate that it has been integrated into the enterprise. If your business isn’t up to scratch yet, don’t panic – there are some simple steps that you can take to ensure you get over the GDPR line in time.
What does the GDPR require?
- New rules on consent. You need to be able to show that you have obtained specific and unambiguous consent that was freely and proactively given.
- Data breach procedures. Businesses will have just 72 hours to report a data breach once the GDPR is in force. To avoid the large fines that are likely to ensue, compliance is going to require new, swift data breach response processes to be put in place.
- Lawful basis. Every organisation processing data needs to have a lawful basis for doing so. What constitutes a lawful basis is defined within the GDPR.
- Clarity on data use. Where data is being used, you’ll need to be able to show how it is going to be used and that the person the data belongs to understood the purpose at the point that consent was given.
- Refreshing the data that you have. It’s highly likely that where detailed data is being obtained this will need to be refreshed fairly regularly.
- The need for a Privacy Impact Assessment. This will arise if you’re handling sensitive data and planning to treat it in a new way. The idea is to enable the business to highlight where this might impact on the individual and also to ensure that there is legal compliance.
- Subject Access Requests. When the GDPR comes into force you may find that more individuals get in touch to request access to the data that you hold on them. There will be a time limit of 30 days to respond in order to ensure compliance.
If you’re just not there right now
- Don’t sit on your hands. If you’re not ready for the GDPR then you do need to start taking action. Make sure you’re undertaking your best efforts to ensure compliance within your business if you want to avoid the potential penalties that could be imposed for failing to meet its standards.
- Stick to verified permissions. If you’re just not going to be able to verify everyone on your database in time for the May 25th deadline, then only communicate with those you already have verification for. It’s far safer to do this while you finish up your verification processes than to take chances.
- Call communications to a halt. Yes, really. If you’re totally unprepared and not at all compliant then it might be worth bringing your comms to a complete stop until you are. With potential penalties of €20 million or 4% of annual turnover it’s just not worth the risk.
There are many ways to ensure you’re ready for the GDPR when it arrives this month. If you’d like to find out more about how a CRM could help please get in touch with MarketDeveloper today.