BLOG: How will the GDPR Law affect growing businesses?
Janice Mears, Commercial Broker at Liverpool City Region Local Growth Hub, gives some top tips to help businesses across the Liverpool City Region prepare for new data protection laws coming into force in less than 23 days!
For businesses across the UK, Europe, and indeed around the world, the General Data Protection Regulation (GDPR) is coming into view. The EU measure, which comes into force on 25th May, is aimed protecting the personal data of individuals and replaces the data protection directive.
If you consider that the data protection directive was adopted in 1995 and then consider the advances of the internet, technology and data use since then, you’ll begin to see the need for the GDPR. The world is far, far more connected and data-driven than then, so it stands to reason that more now needs to be done in order to safeguard people’s personal data.
Of course, this means that businesses have work to do in order to be compliant with the GDPR by the time it comes into force and to continue being compliant with it afterwards. And not just businesses in the EU, but businesses than have any dealings within the EU, meaning Brexit doesn’t do much to limit its impact. Fortunately, the Information Commissioner’s Office (ICO) has guidance for UK businesses in the form of an online guide, but for growing businesses, the impact falls into a few main categories.
Therefore below are some things to consider!
Preparation is key!!
All businesses need to understand what the GDPR will mean for them and then ensure they are compliant by the time it launches. As a general rule, the bigger the business, the more preparation will be required, but these are some of the main requirements which you should already be in the works:
- You need to make sure that the decision makers and key people in your organisation understand what is required by the GDPR and some larger organisations may need to introduce a formal Data Protection Officer position.
- You need to know what personal data your organisation keeps, make any required changes to your privacy policies, put procedures for handling the new rights that individuals have and review how your organisation gains consent for processing data.
- You need to make sure you have procedures in place to detect, report and investigate any breaches of people’s personal data that you have and identify procedures for any cross-border data processing that your organisation carries out.
Sales & marketing
The GDPR required that consent is gained for the specific purpose that data will be used. If the consent that an individual has already given is compatible with the GDPR, then a company can continue to use their data as agreed. For any other purposes, though, fresh consent must be agreed.
This has the potential to hit sales and marketing activities very hard. Most obviously of all, companies that are sending out emails to large mailing lists for which less specific consent was gained may have to stop sending those mail-outs. Similarly, contact data received for sending newsletters could no longer be used to make sales calls.
Although most businesses will have work to do to and, subsequently, money to spend ensure compliance with the GDPR, it’s not all doom and gloom. Indeed, the introduction of the regulation presents a number of opportunities for businesses.
- Audit data: As businesses have used more and more online services over the years, their data has proliferated and been segmented. Few could easily say where all of their data was. The GDPR will not only require most businesses to find this out, but will give them an opportunity to develop an understanding of what data is where, how it is currently used and how it could be used in the future.
- Clean databases: Similarly, most businesses have databases of contacts that may be years or even decades old. Now there is an opportunity – albeit enforced – for companies to identify what data they need and get rid of everything they don’t, like ex clients, old email addresses and redundant contact info.
- Tailor comms: The GDPR forces to consider exactly what we will be using data for and what marketing and sales communications it will be used for. It’s also a chance for businesses to review their wider communications strategies and identify areas in which they could build on new activity.
- Build trust: By bringing themselves in line with the GDPR, businesses are making themselves inherently more trustworthy to consumers. It can be a chance to build upon the activities that have been carried out and build trust further with consumers, talking openly about how data is used and providing transparency for individuals.
For advice and support on GDPR contact your regional Local Growth Hub broker to find out the support available for your businesses