General Data Protection Regulation
The GDPR will apply in the UK from 25 May 2018. It is a unified set of regulations governing how organisations in EU countries capture, process and hold personal information. The consequences of non-compliance are significant, with fines of as much as 4% of your company’s global turnover. Brexit has not affected GDPR, as the government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
The Basics – What you need to know
- Comes into effect on 25 May 2018
- GDPR applies to everyone and every company (regardless of Brexit)
- The GDPR expands liability beyond data controllers (meaning you are responsible for any personal data that you come into contact with, e.g. prospects)
- GDPR makes no distinction between B2C personal data and B2B personal data.
- GDPR will not affect current TPS telesales laws
Buying Data – What you need to know
- You must have unambiguous consent for any personal data you own or store. This means a double opt in must have taken place for any data you have within your database.
- Data suppliers will have to make the contacts on their data lists aware of the type of businesses their data will be sold to. For example, a warehouse will have to be made aware that security companies might purchase their details.
- As long as the data supplier is reputable and follows the GDPR laws and regulations, purchasing data is still allowed.
Storing Data – What you need to know
- With regard to storing data, the CRM organisation will become a ‘Data Controller’ and the cloud, where everything is stored, will become the ‘Data Processor’. It will be the data processor’s responsibility to protect the information it handles and stores on behalf of the data controller.
- Data controllers will have to demonstrate they have checked that data processors are also taking appropriate security measures, to protect personal data pertaining to customers, employees and contractors.
- You will need to give your contacts a right to be forgotten and to data portability. This means that you will be required to delete information about a person or business if they request it, and the person or business will be allowed to move data from one cloud provider to another.
- For longer term storage eg: un-subscriber details, you would be allowed to remember their opt out to ensure they are not brought back onto a data list within your system.
B2B – What you need to know
- An Unambiguous Opt In will have to have taken place for any data you own
- Contacts in your database will have a right to be forgotten, meaning you will have to be able to completely remove a contact from your database and any information you have against them
- Any forms on your website must have an unambiguous opt in, email subscribe option.
- Any Suppliers eg: CRM Suppliers, must be compliant and you must have proof that they are.
- You must be able to provide clear details on information being stored for a company, if requested.
B2C – What you need to know/will be able to do
- Informed about how their data is used
- Move their data across service providers
- To erase or delete their personal information from any supplier database
- Access to the personal data an organisation holds about them
- To be able to correct inaccurate or incomplete information
- Ensure all suppliers that store or collect data are compliant with the GDPR eg: have unambiguous opt ins in place
- Any data they collect is double opt in
- You must give your contacts the right to be forgotten on emails, as well as the option to unsubscribe
- Any company they are contacting via phone must be TPS registered
Rest assured, KulaHub are making preparations well ahead of GDPR coming into force in May 2018. We will support you by ensuring the KulaHub system is enabled to:
- Ensure web forms (eg. newsletter sign ups) have the unambiguous opt-in capability
- Ensure you have an easy way of being able to provide customers with full detail on any information you hold for them
- Ensure you have the ability to enable your customers’ ‘right to be forgotten’ and make it easy for you to completely erase all information that you hold for an individual
- Ensure you have one single view of a contact with full traceability by ensuring all activities such as emails sent, notes added, forms completed, documents attached, etc are recorded against the contact record to give a detailed and historical activity list
For more information please visit: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Should you have any further questions, then don’t hesitate to contact your account manager on 0845 299 3749.