GDPR: What it means to the SME
What is GDPR?
GDPR is the new General Data Protection Regulation (Regulation (EU) 2016/679) being introduced within the EU on 28th May 2018. This regulation will dictate the future of the way that organisations hold and use personal data. Whether for marketing purposes or for general sales and other related activities, the way we manage and hold data will need to change, or organisations will face extensive fines.
I don’t know about you, but for me as a marketer, when I first heard about this I had two thoughts go through my head. Firstly, I thought “Oh no, I’m not going to be able to market to my customers.” Secondly, I thought “Great, no one is going to be marketing at me.” However, there is a lot more to GDPR than just email marketing.
The underlying reason that GDPR has come about is that the existing regulation is disconnected and not being effectively policed. Too many people were abusing and violating privacy and policing the regulations was difficult. Now we have a single regulation that is quite black and white and clear bodies identified to enforce the guidelines and dish out extensive fines to those that choose to ignore the law. In the UK for marketing, this organisation is the Information Commissioner’s Office (ICO).
GDPR dictates the types of data that can be held, how long it can be held for and the use of the data. The key term relating to this data is “reasonable”. What is a reasonable amount of time? What is reasonable usage? This will be up for a lot of interpretation and potentially redefine the landscape of what is and isn’t reasonable.
Right now, we are in the countdown phase to the legislation coming into effect and arguably if we’re not already thinking seriously about getting compliant, we are in for a very busy new year. A lot of organisations are aware of the tsunami that will be GDPR and think that they can get it implemented across their businesses in a month… think again. We’ve already started working on our GDPR solution and I’m sure many other companies out there have too.
Jeremy Bowman, who is our Director of IT and Information Security, will be sharing a little more meat behind what we are doing and the implications of GDPR with ISO27001 compliance in the next month. From a marketing perspective, it means we’ll start asking for permission to market to our customers beyond May 2018 with positive opt-in and the date recorded. Additionally, we will need to build into our process how we remove the data for lapsed contacts.
Lots more will be happening in the next few months but GDPR is not going away and will be the hot term of 2018.