In May 2018, the new GDPR regulations become enforceable for all countries operating within the European Union. The new legislation establishes stringent changes to the way companies collect and process data and even more stringent consequences for those companies that fail to make their data fully compliant.
And there’s not much chance that Brexit is going to make any difference; the regulations will become firmly established into law by the time we’ve left, and show little chance of being repealed afterwards.
So, if you’ve not already optimised your consumer data processing practices, it’s time to start.
Opt-in data changes under the GDPR
One of the most profound changes that the GDPR will establish is in the way that businesses collect data. Whereas before you could operate under an opt-out policy, ensuring customers had to specifically declare that they didn’t want their data processed, now the opposite is the case.
An individual now must actively volunteer their data, with tick boxes being the preferred method. Here are some other details the GDPR specifies:
- As a default, tick boxed should be un-ticked. There should be further options available that allow the user to select the type of marketing correspondence they wish to receive; email, phone or mail.
- The data subject is permitted to opt out of data processing at any point after opting in.
- Consenting to data collection should not be a condition of service.
- Sending someone an email to ask them for marketing permission is not permissible.
These changes will create profound challenges for companies looking to generate leads from marketing. What’s more, there’s a maximum fine of up to 20 million Euros, or four per cent of global turnover payable for a breach of these regulations; a figure that’s easily enough to send smaller firms into administration.
How to demonstrate data compliance
If companies choose to continue processing their own data after May 2018, there are a number of policies they will have to implement in order to demonstrate their GDPR compliance:
• Appoint a data protection officer if at all feasible.
• Carefully record and document all data processing activities.
• Implement data minimisation and ‘pseudononymisation’ guidelines that adhere to the new regulations.
In short, the data protection regulations that come into force next year are a minefield. The entire document clocks up just under a hundred individual articles that need to be adhered to.
Fully compliant data experts at Seawave
The team here at Seawave Media have a professional and comprehensive knowledge of the GDPR and other data protection regulations. It’s of vital importance to us that we operate to the highest data protection standards, and provide the most optimised and highest quality data possible within these regulations.
Our goal is to ensure every legal box is ticked, while still providing you with high value consumer lifestyle survey leads that deliver a great ROI.