Author: Adam Williams, Managing Director of DBS Data
On 14th April the
European Parliament approved the General Data
Protection Regulation (GDPR) text. For
many organisations that are already on the path to ensuring adherence to the
new ruling, this announcement will not be a cause for concern. However, for
those that are behind schedule, or are yet to begin preparations, then I
suggest sounding the alarm.
The aim of the GDPR is to support consumer
rights and at the same time provide clarity for businesses, by establishing a
single law across the EU.
What worries me is that there is a
misunderstanding in the industry that just because the GDPR does not become
enforceable until July 2018, it means they are safe from being
penalised between now and then. This is not the case, even if there is a Brexit!
Organisations need to be aware that If a significant number of complaints are
lodged then a company is likely to find itself on the receiving end of a substantial
fine from the Information
Commissioner’s Office (ICO), and in the firing line from the national
media, bringing with it further reputational damage.
The truth is, all
the 2018 date really means is that a company could be singled out if they fail
to comply, even if they have not received any complaints. But let’s be
realistic, are companies really going to be flagged for investigation if they
have not been complained about? The 2018
enforcement date is a misnomer and organisations dragging their heels need to
pick up the pace and focus.
The GDPR
warrants close inspection but some of the key questions you need to ask
yourself are…
·
You have the appropriate consent for each data
subject
·
You have an adequate retention policy
·
Your suppression processes are timely and robust
·
Your database records consent and engagement
dates and location, consented categories and channels
It is important
to note that brands and agencies alike must take responsibility for conducting
their own adequate due diligence.
My advice to all
that will be impacted by the GDPR (and that is every EU organisation with
customers!) is to focus on the here and now, don’t think of it as a two-year
grace period (it isn’t) get compliant as soon as possible.
