Data Protection Update – Winter is upon us.
Data Protection Update – what does it mean?
Strange that every update I’ve written about the EU Data Protection update (now known as GDPR) seems to be linked to Game Of Thrones. The correlation continues: in the week the EU Data Protection update (GDPR) was agreed, guess what… Game Of Thrones began a new season (season six if you were wondering).
What’s more, the new Data Protection update (GDPR) will take two years to come into effect. Game of Thrones has two more seasons. So when Game of Thrones ends, the EU Data Protection Regulations will come into force. As I said in the first blog post, winter is coming, and in two years’ time it will arrive (for both marketers and most likely in Game Of Thrones).
So down to business…
What does the EU Data Protection Update (GDPR) mean for you?
The General Data Protection Regulations (GDPR) are a game changer. You need to know the details and you need to act on the details.
The changes affect the following areas.
- How you collect data
- How you use the data you collect
- Your bottom line – if you get this wrong, you will be fined and that could mean a lot of money.
It’s a complex subject, so we are going to address this piece by piece, and in the spirit of the (GDPR) data protection regulations we are going to do our best to use simple English so it’s easy to understand.
This post focuses on data collection points 1 and 2.
Collecting data from people.
Let’s start at the beginning – the point you collect data from ANYONE! That’s B2B and B2C.
You need to make sure that you are communicating the following information to the person you are collecting the data from.
- Your contact details and the details of your data protection officer (yes, you will probably need one of those).
- Why you are collecting this data from the person, i.e. what you are going to do with the data.
- If the data is going to be used by a third party, who will receive or use the data.
- Make sure that the person knows of their rights to erase or amend their data.
- Make sure they know how long you are going to keep the data for.
- If you need to collect the data as a part of what you do – i.e. they can’t use your service without this information – you need to be clear about this, and why it’s important.
- Make sure you get consent from the person, and make sure they know how they can remove their consent.
- If you are profiling, you need to make sure people are aware that the data they are providing will be used for this purpose.
- Show them the route to complain about any data processing issue.
- And finally, if you change any reasons related to how you use and collect data, you need to make sure everyone knows.
OK, that’s a long list and I’ve tried to use simple and clear English. You will have to do the same when you communicate this.
- Use a big font.
- Use clear English, avoid legalese.
- Make sure the most important details are at the top (who you are, and what you will use the data for).
- If you need to go into lots of detail, use a summary and hyperlink this to a more detailed page.
Do you need a data protection officer?
If you are dealing with a lot of data, e.g. an e-commerce business, then yes. It’s likely you will need to appoint a data protection officer for your business, irrespective of the size of your business.
So that’s the starting point. More detailed information can be found on the excellent DMA GDPR microsite and also on the Information Commissioner website (they will soon be sitting on the Iron Throne).