It’s almost a year since the EU’s General Data Protection Regulation (GDPR) took effect on 25 May 2018.
What does GDPR mean?
GDPR (Article 6) sets out six lawful bases on which personal data may be processed. Unless you can show that each of your processing activities rests on one of them, that processing is unlawful and you are non-compliant.
The six scenarios are:
- consent
- contract
- legal obligation
- vital interests
- public task
- legitimate interests.
Who does GDPR affect?
GDPR ‘regulates the processing by an individual, a company or organisation of personal data relating to individuals in the EU’. It applies throughout the European Economic Area, that is the EU member states plus Iceland, Liechtenstein and Norway, and it also reaches organisations outside the EEA that offer goods or services to people in the EU or monitor their behaviour. It does not apply to personal data processed by an individual for purely personal or household activities. But if your organisation processes the personal data of people in the EU for business purposes, GDPR applies.
If you are a company doing business in Europe, even if you’re not based there, you now need a lawful basis for every processing activity, including sharing your customers’ personal data with third parties. Where that basis is consent, the consent must be freely given, specific, informed and unambiguous, and consent obtained for one purpose does not cover another: a single tick-box isn’t necessarily enough.
How do companies stay compliant?
Essentially, companies need to be able to demonstrate that their processing is lawful and that individuals have been told, in plain language, what data is collected and what will be done with it. Where processing relies on consent, that consent must be recorded, and it must be as easy to withdraw as it was to give. Individuals also have the right to access the data held about them and, in many cases, to have it erased.
How is it going so far?
What impact has GDPR had upon your business? Is your compliance strategy well and truly embedded or are you just starting out on your journey? Maybe you’ve already been fined?
Even if you’ve escaped fines so far, if you’re not observing the new rules for marketing and data management, the likelihood of landing yourself and your business in trouble is growing.
When it comes to fines, the regulation allows up to €20 million or 4% of worldwide annual turnover, whichever is higher, for the most serious infringements, and once legal costs and remediation are taken into account the real cost of a breach could be much higher. In the first year the focus has largely been on compliance rather than enforcement, but you can rest assured that enforcement and fines are on their way.
Astonishingly, only 20% of firms that do business in Europe are currently GDPR compliant, and 27% have not yet begun their compliance strategies. You don’t want your organisation to be one of the first to take the hit.
Cyber crime on the rise
As cyber crime becomes more sophisticated, the threat of a data breach rises; many consider it a question of ‘when’ rather than ‘if’. Global spending on cyber security solutions is predicted to grow by 33% by 2022, to $134 billion a year. Taking steps to become GDPR compliant (knowing what personal data you hold, why you hold it, and how it is protected) helps you protect your customers, your reputation and ultimately your business.
It’s not going to go away
Maybe you’re not based in Europe and the bulk of your business isn’t in Europe either. But the implications of GDPR are far-reaching, and GDPR itself represents a significant shift in global attitudes towards the use of data. Canada already has similar legislation, and other countries, including Brazil and Singapore, are well on the way to entrenching similar rules in law.
As far as the US goes, there is no comparable national legislation, but the state of California has passed the California Consumer Privacy Act, which shares many of GDPR’s features. According to Ovum Consulting, two thirds of US firms think that consumer pressure will result in a US version of GDPR.
One year on – some findings
According to a recent Third Sector survey, more than half of the charities surveyed have seen a significant reduction in their email database as a result of GDPR.
• 37% of the respondents also said that their postal database had decreased to some extent
• 20% of respondents claimed that their phone database had also decreased as a result of compliance regulations.
It’s generally accepted across business that, since the introduction of GDPR, the number of database contacts has significantly reduced. Previous contacts who did not respond to an opt-in request cannot simply be contacted again to ask for consent, because that approach is itself a marketing contact without a lawful basis. So a key business focus today is on acquiring and retaining new supporters.
Contract management software can help you stay compliant
GDPR requires personal data to be handled consistently, transparently and securely, and much of the personal data a business holds, along with its obligations to customers, suppliers and processors, lives in its contracts. Keeping those contracts secure, current and easy to find is therefore a compliance priority. This is where contract management software can help.
Contract Insight from Four Business Solutions
Contract Insight – contract management software – from Four helps you better manage and secure your business. If you’d like to find out more, or you’d like a free trial to understand how Contract Insight can help you, please call John O’Brien on 0800 6250 025.
John O’Brien is the CEO at Four Business Solutions, global business consultants and software integrators providing business processes improvements in Finance, Supply Chain & Operations, across a broad range of industries.