If you’ve heard about this and are already preparing your business congratulations, if not then you really need to be aware of the changes coming our way that will most likely affect all businesses in the UK in 2018.
So what is GDPR? It stands for ‘General Data Protection Regulation’ and it is designed to bring all European countries into line on matters of personal and commercial data protection enforcing such policies on all member states (surprisingly not all have robust policies). Of course it’s long overdue bearing in mind how much has changed with managing personal data since the Data Protection Act of 1998 was brought into being in the UK.
Many consumers are in the dark about how their own data is managed and might incorrectly assume that their data only ever shared by unscrupulous businesses. But this is clearly not the case, and in fact may be worse amongst those perceived as forthright businesses. Why? Well those who are forthright comply with existing legislation and their customer’s rights to privacy. So companies send data off-site for processing against a host of suppression files: bereavement and deceased registers including infant mortalities [different sources], goneaways, mailing preference service [MPS] and then cleansed against the Postal Address File [PAF] before being made ready for use. They may also be cleansed against the Royal Mail’s postal movers file (Change of Address) to maintain contact with customers who overlook notification. All these are legitimate activities which safeguard data. However, it’s the sharing of this information that is necessary in order to provide consumers rights.
But on the 25th May 2018 the new GDPR comes into force but only after the UK have repealed the existing Data Protection Directive 95/46/EC.
I said in my opening paragraph that this ‘will most likely’ affect all UK businesses. I say ‘most likely’ because the rules have been passed in the European parliament, and at the time of writing this the UK hadn’t served Article 50 on the EU invoking Brexit. However, having held conversations with Information Commissioners Office (ICO), I understand their policy writers are currently being kept busy coming to terms with the detail, so I wouldn’t bet against it being introduced in the UK regardless of the Brexit vote. Besides not following particular regulation would be like shooting yourself in the foot immediately after you’d been told you’d made the track and field team. The UK wants to continue working with EU member states and to do so, it’ll need to prove it has their interest at heart and that can surely only mean full adoption of the GDPR.
The ICO has produced an ‘Overview of GDPR’ and a 12-step guide to start taking now. We’ve already started working on this with our own clients and I’d recommend you do the same. You can access both these documents on the ICO’s website, the first of which can be accessed via this link;-
Should you need our support with any of this, please contact us through our published contact details shown on our website, or alternatively you can obtain the EU’s 90 page document containing are the various articles on line via the Official Journal of the European Union.