A Guide to GDPR

The General Data Protection Regulation (GDPR) will take effect from 25 May 2018 and impacts every organisation that uses personal data from EU citizens.

The main points you need to be aware of (as issued by the Information Commissioner’s Office (ICO) as draft guidance and listed by the DMA) are:

  • Unbundled: Asking for consent should be separate from other terms and conditions, so individuals are clear what they are consenting to. Consent should not be a pre-condition of signing up to a service unless it is necessary for that service.
  • Active opt-in: The GDPR makes it clear in the recitals that pre-ticked boxes are not a valid form of consent. Clear opt-in boxes should be used.
  • Granular: Where there are different types of data processing that may occur, allow for separate consent as much as possible. The ICO want organisations to be as granular as possible, which means giving consumers more control over what they’re consenting to.
  • Named: Always tell individuals who your organisation is and name any third parties that the data will be shared with. The draft ICO guidance states that terms like ‘we will only share your data with other men’s clothing retailers’ are not specific enough. The individual organisations that the data will be shared with need to be named.
  • Documented: Maintain records of the consents you have. Record the following information: what the individual has consented to; what they were told at the time; and the method of consent.
  • Easy to withdraw: Individuals should be easily able to withdraw their consent. Organisations must put in place simple, fast methods for withdrawing consent and tell individuals about their right to withdraw consent.
  • Freely given: Consent should be freely given by individuals.

Failure to comply with these new changes has consequences, including fines, individual lawsuits and compensation claims. We therefore encourage every business, no matter what size, to look at its existing policies and get prepared.

Here are a couple of ways in which you can prepare:

You can view our GDPR Privacy Policy Builder and visit our GDPR Facts page here.

If you would like any more information, please do not hesitate to contact Lydia who will be able to help you and point you in the right direction.
