GDPR - the Pain and the Possibilities

A lot has changed over the last two decades, from the way we live our lives to the way we do business. Just twenty years ago the internet was in its infancy, most people didn’t own a mobile telephone and the fax machine was an office favourite. Today we have super-fast broadband, everyone and her grandmother owns a smart phone and the idea of communicating via fax is frankly funny.

Two decades on and we are all now part of the Internet of Things — increasingly online and increasingly connected. We organise our lives and run our businesses via the internet, which means there is now a plethora of personal data all floating around out there in cyberspace. And this is why the EU is implementing the new General Data Protection Regulation, which comes into force in May this year, to address this massive digital shift and to make businesses more accountable for the collecting, storing and processing of all this private information.

Make Sure Your Business is Ready for the GDPR

On May 25th 2018, the new General Data Protection Regulation will replace the Data Protection Act 1998 and it will impact your business. Whether you’re a large national organisation holding banks of marketing prospect information and online identifiers or a micro company with one employee, if you handle any personal data belonging to EU citizens, be that personnel, prospect or customer information, the new GDPR will apply to you.

The vast majority of businesses collect or hold some amount of data from third parties, customers or prospects. After all, a healthy business feeds on a proactive marketing approach. From 25th May things will change, and to hold, store or process personal data you will need to have an established legal basis to do so, and documentation to support that.

The GDPR will require your business to regularly assess, record and document compliance.

You will be expected to keep clear data records, make any data breaches in your organisation known within 72 hours and give individuals the opportunity to right to remove their details easily from your database at any time.

Power to the People

Essentially, the new General Data Protection Regulation gives individuals more rights. The personal data of all EU citizens will become increasingly protected and your company will become accountable for the safety of all the personal data you hold. Your business will become responsible for obtaining, storing and processing personal data securely and will have to be able to demonstrate it too.

How the GDPR Will Impact Your Business

Without a doubt, preparing for the new GDPR is going to be majorly disruptive for most businesses. You’ll need to be aware of all the personal data you hold and know where it is located; you’ll need to know who exactly has access to this information and know how it is managed.

A Few Things to Consider in Your Preparation

Audits & Accountability

An internal data audit will be necessary to establish what data you hold and where. Some organisations will need to appoint a Data Protection Officer to deal with data security and to manage the processes involved. You’ll need to be able to evidence and demonstrate the legal basis on which you hold personal data.

Transparency

It’s likely you’ll need to review and update your company’s privacy policies and statements to ensure transparency under the new regulation. Your GDPR-ready policies should give individuals more ‘clear and understandable’ information about how their personal data is used. The Information Commissioner’s Office will require your privacy policy to unambiguously inform people who you are, clarify what you are going to do with their information and inform them what use is being made of their details.

Removal & Access Requests

Under the new GDPR, every person has the right to access the data you hold on them and, in certain circumstances, the right to be forgotten. If someone requests access to their data, you must send this to them free of charge and within one month of the request; this information can be requested in an electronic format so it can be transferred to an alternative data controller. If asked, you must also delete an individual’s private data from your database and make reasonable steps to inform any third parties.

It may be tempting to bury your head in the sand or to feign ignorance in the face of so much disruption — but the new GDPR simply can’t be ignored.

Failure to ensure your enterprise is compliant by the date the regulation comes into play and you put your business at risk. Serious breaches could cost you up to 4% of your annual turnover or 20 million Euros in fines. So it’s best to be prepared.

New Rules, New Opportunities

The fact is the new GDPR is going to happen and it will still be applicable to your business beyond Brexit. It would be a costly mistake to assume that as it’s an EU directive it will only apply to the UK for a short time. Even when we have left the EU, UK data protection laws will need to be in line with the EU’s.

But as with many things in life, what you get out depends on what you put in. Approach the new GDPR in a positive way and you’ll see that these inconvenient new rules can bring with them new opportunities for your business.

The new GDPR offers a great opportunity to sort through and better understand your data landscape. It’s always a good idea to periodically examine the data processes and procedures within your business and this new regulation offers the possibility to clean up outdated practices, to clear out useless data and to implement new, more effective ways of doing things that will benefit your business in the future.

No one likes to feel forced into doing extra housekeeping, but it is possible to find value in the cost of compliance.

Making your data collection truly transparent and your security systems safer will only help to build customer trust and benefit sales. 

How Market Location Can Help You

The new GDPR will bring with it many changes to your B2B sales and marketing activities. And you’ll need to know you’re compliant and not running the risk of fines.

But if the thought of auditing all your current data, keeping your data up to date and ensuring your data procedures meet the new regulation brings you out in a GDPR-induced sweat, we can help.

As we hold the premier B2B database of UK businesses, we fully understand and comply with the procedures as defined in the GDPR and this compliance is at the heart of everything we do. Our large inhouse call-centre constantly verifies records, making 10,000 outbound calls a day, to make sure your B2B data is safe, compliant and of a high quality. We communicate regularly with data subjects, explaining what their data is being used for and offering them the ability to modify their data.

In an increasingly competitive marketplace, you need your marketing efforts to make an impact and make a difference to your sales. We can produce a full audit of your data, highlighting where details are out of date or businesses are no longer operational. This will help to clear up your database and improve the quality of the data you hold, reducing the volume of postal returns, bounced emails and disconnected calls.

But it’s not just the Data Protection Act that’s being updated to become the new GDPR, the Privacy and Electronic Communications Regulations (PECR), which has provided privacy rights concerning electronic marketing since 2003, is also changing. Currently at draft stage, there is currently no date set for the new ePrivacy Regulation to come into force.

As our society quickly changes, so do our rules. But with Market Location you can trust your B2B data is of high quality, compliant and the best for your business.

A lot has changed over the last two decades and this shows no sign of slowing down. So if you need a stress-free solution to the new regulations and want to feel confident about the B2B data you use for sales and marketing in your business, contact us and turn the pain of change into new possibilities.

Jane Bray, March 2018