The General Data Protection Regulation (GDPR) will apply in the UK from the 25th May 2018 and whilst 267,840 minutes certainly seems like a lot of time to prepare a lot of companies are slightly scratching their heads around what this regulation means, how it is going to affect them and what they need to do.
To help introduce some of the concepts and principals of GDPR we thought it would be helpful to collate a list of resource, tips and examples to help you get the ball rolling.
PREPARING FOR THE GENERAL DATA PROTECTION (GDPR)
The ICO have published a great introductory document introducing some of the key new requirements and giving you 12 steps you can take right now to prepare for GDPR. Don’t be put off by the 11 pages, the document only takes 15-20 minutes to read through and is a great introduction!
ENSURE APPROPRIATE OPT-INS!
It is very important that you are identifying how you want to use the data you are collecting and check whether you are getting appropriate consent!
If a user thinks they are giving you their data to use for “Purpose A” and, upon receiving their data, you also intend to use it for “Unrelated purpose B” then you need to be asking them to opt-in to this separate purpose and, if they chose not to, you need to make sure you only use their data for “Purpose A”. This does not mean that all consent has to be via checkboxes. Take the following 2 scenarios from the Coffee1 website to see how this applies in principal.
An online job application
In this scenario the user is giving their data for the purposes of a job application, if you want to use their data for marketing purposes then you will need them to confirm they allow this via a separate opt-in.
An email newsletter sign up
In the below example we are making it very clear to the user that they are signing up for a newsletter and, therefore, do not need them to separately tick an opt-in checkbox as this is the sole purpose of the form.
BUT THIS IS ALL A BIT CONFUSING
Yes, it’s very confusing but, thankfully, the Information Commissioner’s Office (ICO) are here to help.
The ICO have a very helpful live chat facility where you can ask quick questions and get answers (and a transcript of the conversation). You can take advantage of their live chat facility by following this link – https://ico.org.uk/global/contact-us/live-chat/.
In addition the ICO published a blog post back on 31st October 2017 talking about a New data protection advice service aimed at small organisations preparing for General Data Protection which users can phone on 0303 123 1113 (selecting option 4) and speak to a member of their team who can offer support.