Like all businesses, we have spent the last few months getting to grips with what the much-talked-about GDPR legislation, coming into effect today, means for us.
Organisations in serious breach of GDPR can be fined up to 4% of annual global turnover or £20 million (whichever is greater). A data breach has to be reported within 72 hours. The rules apply to both data controllers and processors, meaning ‘clouds’ will not be exempt.
Although the key principles are the same as the Data Protection Directive that it has replaced, GDPR brings changes to the regulatory policies. The aim of the EU General Data Protection Regulation is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.
We set up a project group led by Partner Will Abbott, with representatives from IT, Marketing, and HR to create an action plan.
With our Cyber Essentials Plus certification, Richard Szarszewski, IT Director, has demonstrated that we are committed to protecting our systems so that our clients and contacts can take comfort that their information is not at risk from cyber-attack. Most of the required processes and procedures are in place but we have also recently implemented ISO27001, a framework of policies and procedures that encompasses people, processes and IT.
We have hosted several GDPR workshops, organised by Circle2Success and featuring Professor Benham of The Cyber Club and partners, which have enabled us to keep abreast of GDPR as it evolved. These gave us the opportunity to hear different viewpoints and ask questions of the experts so we are confident we will be compliant.
From a marketing perspective, we require positive opt-in from the contacts on our email communication list to receive our newsletters and In Focus. Although legitimate interest would have been a sufficient basis to continue to email our list, we decided to follow best practice and use it as an opportunity to ‘clean’ our list to ensure we are sending newsletters to those who want to hear from us.
We have recently sent a couple of emails to our list before the GDPR comes into effect today, asking recipients of our newsletters to confirm that they would like to continue to receive them by email and that we are using their preferred email address. To date we have received positive opt-in from our ‘active’ database.
If you don’t receive our emails and would like to, please subscribe at www.randall-payne.co.uk/sign-up.
There is lots more to know about GDPR, and the best source of information is the ICO website – www.ico.org.uk.
Contact Fiona Hughes for more information by emailing email@example.com or call 01242 776000.