23rd August 2017
GDPR stands for General Data Protection Regulation and is a comprehensive set of regulations which will apply to all EU member countries by May 2018.
The main objective of GDPR is to allow citizens and residents to have more control over their personal data. GDPR also imposes stricter rules on companies handling data. The regulation gives consumers confidence and trust that their personal data is safely managed.
This regulation will impact all businesses, organisations, and charities. Every organisation will have to comply with the GDPR legal requirements when processing individuals' personal data. Basically, GDPR is the evolved and improved Data Protection Act (DPA) and PECR. Protecting consumers' personal data and privacy will be the number one priority for any business. An additional layer for charities to consider is the introduction of the new Fundraising Regulator.
In order to comply with the GDPR requirements, actions need to be taken. GDPR will potentially impact various processes within your organisation. Failure to comply will bring financial consequences in the form of potential fines. You will need to consider your website security and how you can capture and manage your data correctly. The actions involved are time-consuming; below are some key factors you'll need to consider.
First things first, you'll need to audit your data capture and data storage areas to assess your situation with regard to compliance with the current DPA / PECR and with the incoming legislation. Question your current performance. Find out where the flaws that could lead to a violation are and who is involved with the data; this includes any interaction and integration with third parties. Your organisation will need to provide a clear explanation as to why you are collecting personal data and how you intend to use it. This is called a privacy statement or privacy notice. Without explicit, dated consent, your data is worthless. This also applies to your third parties. You should thoroughly examine and interrogate all existing data and any records that would be considered non-compliant in 2018. They should be either deleted or made compliant by May 2018.
Secondly, do your research. As this is a hot topic at the moment, plenty of help is available online.
As a creative digital agency, we are able to:
If you have any questions regarding GDPR and your website data capture, feel free to contact us!
For more information, please visit or follow the following: Data Protection Self-assessment ToolKit; ICO Information Commissioner's Office, Twitter: @iconews; Institute of Fundraising, Twitter: @ioftweets