The General Data Protection Regulation (GDPR) comes into effect on Friday 25th May 2018.
Are you ready?
Well, the good news is that the UK is doing rather well now with preparations for the big day, but there are still industry fears – fears which Elizabeth Denham, the Information Commissioner, is trying to address.
More than 70% of British businesses are confident about their understanding of GDPR.
That makes the UK the best-prepared European country for the GDPR – according to findings from a new study by W8 Data, which was carried out amongst the top 10 European countries by GDP.
Of course, that does mean there are still quite a few businesses that are ‘unprepared’ for GDPR, but at 29% we lead the way! Here are the top 3 in the ‘Unprepared for GDPR’ league table of businesses from the W8 Data study:
- UK – 29%
- Germany – 48%
- Poland – 52%
At the other end of the table, Italy (63%) and Sweden (71%) fare poorly, with Spain being the least prepared (73%).
“It is fantastic news that the UK is leading the march when it comes to compliance,” said Will Anthes, managing director, W8 Data. “It is easy to be despondent given all the negativity surrounding GDPR but ultimately it will enable more responsible marketing that will lead to stronger relationships with customers.”
However, when it comes to the general public (both in the UK and the rest of Europe), the picture is not so healthy. Over 79% of people are, at present, unaware of GDPR, but as a note of caution to all businesses, over 82% stated they ‘will exercise their new rights and believe it will enhance their relationships with brands.’
Getting Ready for GDPR
Information Commissioner says ‘GDPR is not Y2K’
Shortly before Christmas, Elizabeth Denham, the Information Commissioner, published an in-depth blog post listing a number of what she and her team see as the biggest misconceptions about GDPR.
The worst of these, as she sees it, is GDPR being approached in the same way as ‘Y2K’.
Y2K, also known as the ‘Millennium Bug’, became controversial when few of the feared effects actually happened. “GDPR is not the Millennium Bug – there’s no wondering if the new legislation will happen, it will,” warns Denham.
In her blog, which you can see at www.iconewsblog.org.uk, Denham mentions that ‘GDPR compliance will be an on-going journey’ and she lays out what organisations should do now in order to demonstrate effective accountability.
5 Steps to Becoming GDPR Compliant
- Organisational commitment
Preparation and compliance must be cross-organisational, starting with a commitment at board level. There needs to be a culture of transparency and accountability as to how you use personal data – recognising that the public has a right to know what’s happening with their information.
- Understanding the information you have
Document what personal data you hold, where it came from and who you share it with. This will involve reviewing your contracts with third party processors to ensure they’re fit for GDPR.
- Implement accountability measures
This includes appointing a data protection officer if necessary, considering lawful bases, reviewing privacy notices, designing and testing a data breach incident procedure that works for you, and thinking about what new projects in the coming year could need a Data Protection Impact Assessment.
- Ensure appropriate security
You’ll need continual rigour in identifying and taking appropriate steps to address security vulnerabilities and cyber risks.
- Train staff
Staff are your best defence and greatest potential weakness – regular and refresher training is a must.
Much to do, then. ONEPOST will keep you posted!
GDPR and Direct Marketing
If you’re wondering how GDPR will impact your direct mail marketing efforts or your general postal management, please don’t hesitate to get in touch with us here at ONEPOST. We’d be happy to offer any assistance we can and help ensure you’re ready for GDPR this May.