The countdown continues to the EU’s General Data Protection Regulation (GDPR) coming into force on 25th May 2018.
GDPR is something that big business is already tackling, but we’re conscious that SMEs, especially those that are selling online, are still coming to terms with what will and won’t change next May.
But Aren’t We Leaving the EU?
Mention the EU in the context of the GDPR and it’s the most obvious question – many assume it won’t apply because of Brexit. Recent research indicated the figure was as high as 15%.
We are leaving the EU, but that’s currently scheduled for 29th March, 2019 – two years on from the triggering of Article 50 and almost a year on from the GDPR’s rollout. Rules set by the EU, such as the GDPR, will remain legally enforceable until then.
Under the Government’s current plans, EU law will be copied and pasted into British law in its entirety upon exit by the Great Repeal Bill, meaning that the GDPR will continue to apply to British businesses.
GDPR could then be repealed after 29th March 2019, but even if this happens on the next day (which seems unlikely), there will still be a period in which the GDPR applies to your business.
As an Online Retailer, What Do I Need to Worry About?
In terms of risk management, there are two clear elements:
The following will be impacted:
- Customer data, including prospects and leads.
- Supplier data.
- Data on employees.
- Any information that falls within the Data Protection Act of 1998 or the Privacy and Electronic Communications Regulations (PECR) of 2003.
Processes that will be Impacted
- If you use Mailchimp or other automated tools to contact your customers (including SMS and automated calling), then you’ll need them to explicitly opt in to your communications.
- Un-tick the box and step away from the sign-up form. You’re no longer able to assume consent. Just having someone sign up to use your service or buy a product from you is not enough to assume that they’re going to want to hear from you. The customer has to opt themselves in, ticking / signing / giving up their first-born on the basis of a specific statement from you about how you would like to use their data.
- Give me all my data! Until this point, if a customer wanted access to all of the data you held on them, then they had to pay a nominal fee for the privilege (£10). That charge will be removed and you have to fulfil any request from a customer digitally, within 30 days.
- At the moment, if you experience a data breach then the ball is in your court with regard to whether you feel it should be reported or not. From next May, any data breach has to be reported to the ICO and it will lead to your company being fined.
- Fines for breaches will start at €20,000,000, or 4% of global revenue, depending on which is greater.
What Do I Do Next?
There are a number of steps you can take:
- Document your processes. Dull work, but necessary. This will enable you to understand what you’re doing at the moment, the data you have and how it’s currently used.
- Processes and Systems. Review these thoroughly. It will ensure that you can cope next May. And worst case, at least you’ll have a chance to put workarounds in place.
- Clean your data. Duplicate company records and incorrect data will make your life much harder come next May. Get on top of your key data now in order to hit the ground running once GDPR comes into force.
- Consent. It’s worth holding fire on actually re-writing your Opt In Statements, as the Information Commissioner’s Office (ICO) is yet to publish its formal recommendations on how consent will work from next May. But we do know this is going to change and you will need to take the GDPR and the ICO’s position into account with regard to how you ask customers for their data.
- Campaign. A clean mailing list is every marketer’s dream. Old data that may no longer be accurate can have a huge impact on the performance of your marketing. Use GDPR as a catalyst to re-engage with your mailing list and revitalise your marketing.
CRM and how it can Help
Khaos Control Cloud’s CRM functionality means that you are already ahead of the game when it comes to complying with GDPR.
Not yet using Khaos Control Cloud to grow your company? Then contact us this minute and experience the difference we can make to your business.