On 25 May 2018, the General Data Protection Regulation (GDPR) comes into effect in the EU and across the United Kingdom. The GDPR replaces the Data Protection Act (DPA) and ushers in expanded rights to individuals and their data, and places greater obligations on businesses and other entities that process personal data.
Even though GDPR compliance may seem like a daunting task, instead think of it as a positive opportunity. In fact, experts have argued that the GDPR is—in fact—a marketing opportunity. While competitors fret over how to comply, be proactive by cleaning your prospecting list, which will allow for targeted marketing that builds trust.
Use the next several months to audit your data and get consent from prospects and clients. Doing the work now will ensure that come May 2018 your prospecting list is clean, targeted and efficient. Consider using content to incentivise consent, which positions you as a thought leader and promotes trust and transparency with your contacts. To help you become GDPR compliant, follow these 6 steps:
- Awareness: Make sure that your organisation is aware that the law is changing.
- Information you hold: Document what personal data you hold, where it came from and with whom you share it.
- Communicating privacy information: Review your current privacy notices and put a plan in place for making any necessary changes.
- Individuals’ rights: Check your procedures to ensure they cover individuals’ rights, including how you would delete personal data or provide data electronically in a commonly used format.
- Subject access requests: Update your procedures and plan how you will handle requests within new timescales.
- Lawful basis for processing personal data: Identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
To see the Information Commissioner’s Office’s full 12-point checklist for complying with the GDPR, click here.