GDPR stands for General Data Protection Regulation
This new regulation gives people better control over what organisations can do with their personal information.
The GDPR becomes law on 25th May 2018.
The GDPR affects any organisation that handles people’s personal information, whether that’s customers, suppliers, staff or the public.
If an organisation ignores the law, or gets it wrong, they could be fined up to 4% of their annual turnover.
The main rule of the GDPR is that personal information must be only be used for specified, explicit and legitimate purposes. So, you should not contact someone unless they ask you to, or send them irrelevant information they didn’t request.
When collecting anyone’s data, you must make it clear and obvious:
- who you are by stating your identity (your company name and any third parties who will use the data)
- why you want their details
- what you will do with that information
- how they can withdraw their consent.
Review your data collection process now to see if you meet these standards. You should have a record of consent from every individual on your database.
Whether you’re an office of three or 300, you’ll be held to the same standard.
Get more general information
The Information Commissioner’s Office (ICO) is the UK’s authority on the subject and provides detailed advice on the GDPR.
If you want to unravel the complexities of GDPR and be compliant by the deadline of 25th May 2018 then Two Lizards can help.
Please contact us online or call 01403 731028.