GDPR and Data ProtectionEU General Data Protection Regulation

Data protection has always been a sensitive subject for businesses, now more so than ever.

The EU General Data Protection Regulation (GDPR) is one of the strictest pieces of data protection legislation in the world and carries some of the heaviest fines for non-compliance.

Among others, it gives individuals:

  • the right to be forgotten – you have to delete all data you have on any one person when asked
  • the right to object – for example, to profiling for a marketing campaign
  • the right of access to see any information you hold
  • the right to rectify any of that information

If you run marketing campaigns, you need to prove that your list members gave you ‘unambiguous and explicit’ permission to send it, either by a double opt-in or a tick box on your web page.

Your website’s privacy and cookie policies may need updating – are you sure they’re GDPR compliant?

If you’re an IT company or involved in sharing personal data, your clients may ask you for robust data protection clauses – so you need to demonstrate that you can satisfy those needs without putting any unnecessarily onerous restrictions on the service you provide.

In Summary

This may sound daunting, but it needn’t be. GDPR is an opportunity as much as a threat because those businesses that implement the legislation correctly will be the ones that profit the most.  Accountability is what it’s all about – not merely paying lip-service but demonstrating compliance all the way! Well-drafted contracts will go a long way to achieving that.

To make sure your contracts are GDPR compliant and avoid sleepless nights, call 01904 899794 to get started.