Falling Foul of The Law – GDPR

We are all well aware of the introduction of GDPR. You would have had to have been hiding underneath a very large rock to have missed the introduction of the most serious change to data protection law in over twenty years.

However, despite the awareness of the law, there are still many organisations who have not prepared themselves for GDPR and run the risk of massive fines. Research by vpnMentor has shown that over two thirds of UK business websites are not GDPR compliant.

This is a serious concern. The writing has been on the wall for a long time and there is no excuse for non-compliance. The risks are massive, with fines of up to €20 million or 4% of annual global turnover.

Here are the top five things you should check now to ensure you are complying with the GDPR regulations:

1 – If you handle data you must be registered.

This is not new. The Information Commissioner’s Office has required companies which control data to be registered for many years. However, there are still many organisations that are not listed on the database and put themselves at risk of a fine.

From HR or customer data to CCTV images, whatever data you use within your company, you need to register online. The cost is minimal and it can be done simply and quickly by visiting the ICO website.

2 – Opt-In is King

Okay, we know in the past, there were times when the opt-in box for communication may have been pre-selected or hidden in a mix of text. Today this is a massive ‘no no’.

If you request data from individuals, you need to be totally transparent, telling them what you will be using the data for and who, if anyone, you will be sharing it with. Then, and only then, do you give the individual the opportunity to select if they wish to go ahead.

This must be a clear opt-in: clearly presented and not pre-selected. You must ensure the individual is totally clear about what they are opting into.

3 – And, No means no… Anytime!

Of course, if an individual does opt in, they have the choice to change their mind. You must provide them with the opportunity to opt out at any time. You need to maintain an exception list and ensure that, if someone has changed their mind and told you that they no longer want to hear from you, you honour this.

4 – Your website needs a proper Privacy Policy

As part of the transparency of data, you need to publish a privacy policy on your website. This is a clear and concise document, written in plain English as opposed to a form of ‘legalese’, which tells the individual how you will use their data, if it will be used, and how they can opt out.

The privacy policy is vital even if you do not gather data but use cookies on your website, as you need to state the data these gather and why.

Many sites have out-of-date privacy policies or none at all, which puts you at risk of action!

5 – Be careful who you buy data from…

If you purchase data from a third party, you need to be sure that they are also following the requirements of the GDPR. If you are not careful, you could be unwittingly putting yourself at risk.

Check that any supplier of data or leads is collecting full consent from individuals and respecting their right to opt out. A good supplier will be more than happy to reassure you and should have already asked you questions about how you will be using the data to ensure the legal requirement for transparency and security is

Putting Your Mind at Rest About GDPR

MM Group can help you put your mind at ease. As a data broker we were the first organisation to be independently audited by the DMA after the implementation of GDPR and are full members. It gives you the confidence that we only supply fully opt-in data and follow all aspects of the legal requirements.

And MM Group can help you with other aspects of your GDPR requirements, from creating website privacy policies to auditing your use of data. Get in touch with us today and put your mind at rest about GDPR.