What is GDPR?
There has been much talk in the industry media regarding the incoming legislation on General Data Protection Regulation GDPR.
It comes into effect across the EU 25 May 2018, and is essentially built around some key principles with regard to handling personal information:
- It’s not about database marketing and emails
- It is about how organisations obtain store and use personal information.
- It’s designed to “enable people to better control their personal data”.
- It is ‘technology neutral’, it’s not about computers and emails, it’s about principles. In this case it relates to paper record copies, telephone calls, as well as your computer systems and emails!
For reference, personal data can be defined as anything which identifies or can be associated with an individual.
With this in mind I suggest that you start to look across your business and establish what you hold in terms of employee data(current and previous) and your customers and prospects(current and previous too!).
There are of course genuine reasons why your business would need to keep personal information, but the point is being able to demonstrate legitimate interest for doing so.
You must have clear processes enabling objection and opt out of processing the personal data.
The Penalty for not being compliant
Should companies not be set up for GDPR compliance on 25 May 2018, then the financial penalties are very severe. There are 2 levels of fines depending on infringements:
- The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher
- The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher. (View Source)
Penalties have clearly been set in this way to ensure compliance.
GDPR and Prima
I just really want to highlight some areas within the company records that need considering with regards to the data you have stored in Prima, ask your team to answer the following:
- Do you have the consent of your prospect list to store the information your database?
- Are Contacts in your customer accounts up to date?
- Do you store personal information about your employees(current or previous) in your database?
- Do you store any potentially sensitive personal information against contacts in your Prima Notes or Journals?
These would be the initial pointer questions I would be looking to answer in preparation for May 2018. I also suggest you look at your user permissions to ensure that as a matter of course you are only allowing certain users to views records relevant to their role.
Obviously the above is an overview of GDPR, and I strongly advise that you do your own research in to the legislation to understand how it will affect your business. From the sessions and seminars I’ve taken part in regarding GDPR, a lot of the information comes back to taking a common sense approach, and start looking at the information held in your business as soon as possible.
Final thought: If you don’t need it or don’t have the permission, then get rid of it.
As more and more information is discovered on this topic, we will be sure to keep you updated. BOSS Federation are also running a course on GDPR 30th October, for more information click here.