In simple terms, GDPR stands for the General Data Protection Regulation: the new rules, laid out by the Information Commissioner's Office (ICO), to control what data businesses hold and how that information is used. The new rules come into play in May 2018, and the maximum fine for breaching them is 4% of Global Turnover or £20 Million.
After that, things get more confusing, and looking at the ICO website is more likely to add to the confusion than to clarify things.
First of all, you need to know that GDPR applies to personal data, not to business information. However, if you hold information about individuals in their capacity as employees, that might be covered by GDPR. But for most organisations keeping HR records, customer lists, contact details etc., the change to the definition should make little practical difference.
A key change is that every company that holds data should have a named person as Data Controller. They are responsible for auditing data to map what data is held where: is personal data held on your website servers, CRM, accounts programs, quotes, Outlook, Mailchimp etc.?
Having a plan and procedure to allow people to know what data you hold and how that can be deleted (the right to be forgotten) is a fundamental part of GDPR.
Putting in place systems to ensure the data is accurate and up to date is the next step to being GDPR compliant. For more information on the steps you need to take, the ICO have issued a Fact Sheet.
Now that all sounds a bit worrying and draconian, but there is a huge opportunity here too. Having a smaller database might seem a bad thing, but having a focused database that is up to date, accurate and integrated across all your platforms is not only good housekeeping but also marketing gold dust.
Take the opportunity to contact your database proactively and explain why you need to make sure your records are up to date, with a few added benefits and reminders of your service. Just this basic interaction is almost guaranteed to create sales opportunities from dormant contacts.
The important thing is to take action early. Don’t wait until May next year and end up panicking. Act now by mapping the data held across your organisation, and put in place a plan to ensure that when GDPR comes into force you are ready and compliant.