GDPR is the acronym that you actually HAVE to know everything about. The new regulation kicks in May 25, 2018 and it will change the way companies and organizations collect, store and use personal data . Are you fully prepared? Didn’t think so. 😉 Let us help you!
In this article, we will tell you…
- What is GDPR?
- GDPR and Lime – how does that work?
- How to prepare!
What is GDPR?
GDPR stands for The General Data Protection Regulation. It’s a new European privacy regulation that will come into effect May 25, 2018.
It gives all individuals, more power over their personal and work related data (banking info, addresses, IP addresses, hospital info, social media posts etcetera – just think about how much info you leave behind on the Internet!) and less power to the organizations that collect and use it for monetary gain.
This means stricter requirements for all of us who run a company or an organization when handling personal data, and it requires new procedures and processes for safe handling of data. The good thing? This is absolutely not the end of the world! With a CRM system, you already have a great start.
Will the stricter requirements apply to your company?
Is your business/organization established in the EU? Does your company save or in any way handle personal information about any individuals? Do you sell and/or store any personal information about citizens of the EU?
If you answer yes to any of these questions, GDPR will apply to you. And if you have a CRM system like Lime, you most certainly store personal information, so please listen up.
What is “personal data”?
Personal data refers to all information that can be linked to an individual. There is no distinction between personal data in a private, public or professional role. It doesn’t matter if the individual is an employee, a customer or a prospect, neither if you work B2C or B2B. As long as there is a person involved, you have to follow the new regulations.
Personal data may be obvious things like a name, but it could also be a mix of information that together makes it possible to identify a person.
- A name
- A mailing address
- An email address
- Location information
- Running text with personal information
- An update on social media
- A computer’s IP address
Penalties? Oh yes.
Companies that do not comply with the regulation risk sanctions. If you don’t comply with GDPR, the fines are up to 4% of annual global revenue or 20 million Euros, whichever is greater.
What rights will GDPR provide for individuals – and for the contacts of your company?
Let’s make this a bit more hands on! With this new GDPR, what rights will you gain as an individual? This list will hopefully clarify what your company needs to prepare for. Again – this is going to be so much easier to handle if you have a CRM-system.
The right to be informed before data is gathered. Consumers have to opt in for their data to be gathered, and consent must be freely given instead of implied.
The right to request access to personal data and ask how the data is being used. Your company must then provide a copy of the personal data, free of charge.
The right to have information corrected.
The right to be forgotten . If an individual is no longer a customer, or if he/she withdraw their consent from your company to use their personal data, then he or she has the right to have their data deleted.
The right to request that personal data is not to be used.
The right to transfer personal data from one service provider to another.
The right to object, i.e. right to stop personal data for direct marketing. There are no exceptions to this rule, and any processing must stop as soon as the request is received. As an organization, you must make this very clear at the start of any communication.
The right to be notified if there has been a data breach which compromises an individual’s personal data. The individual has a right to be informed within 72 hours after a data breach.
Put some effort into GDPR – gain loyal customers
Yes. GDPR means extra work for companies. But please keep in your mind, that by being transparent about how personal data is used in your company, you don’t only show that you value an individual’s privacy, you will also build a deeper trust. This will make you retain loyal customers.
Start the preparations now. Create a plan for your GDPR journey, and be calm as a cucumber in May 2018 when customers start asking questions regarding compliance!
Dedicate time to understand what you need to do in order to become compliant.
Knowledge sharing and education. Make sure everyone at your company who works with data regarding any individuals at all know about GDPR and what it means for your organization.
Map all personal data. An important thing about the GDPR is “ privacy by design”, which means that all departments in an organization are required to take a closer look at their data and how they handle it. This means, that rather than just collecting random data, you’ll have to know what you want to use it for. Here’s a few bullets to help you get started.
- What kind of personal data do you handle?
- How do you handle it, and why?
- Who has access to it?
- Are there any integrity risks and what harm can they cause?
Review documentation and business processes. Under GDPR, individuals have to explicitly consent to the acquisition and processing of their data. Pre-checked boxes and implied consent won’t be acceptable anymore. Review all of your privacy statements and disclosures and adjust them if needed.
Establish policies and procedures for how you will process personal data.
- How can individuals give consent in a legal manner?
- What is the process if an individual wants his or her data to be deleted?
- How will you ensure that it is done across all platforms and that it really
- gets deleted?
- If an individual wants his or her data to be transferred, how will you do it?
- How will you confirm that the person who requested to have his or her data
- transferred, removed or corrected is the person he or she says he/she is?
- What is the communication plan in case of a data breach?
Put security measures in place to guard against data breaches.
How can Lime help you?
Lime has closely analyzed the requirements of the GDPR and we are working on enhancement to our Products, contracts and routines to help support you as a Customer in your journey to become GDPR complement in Lime.
Don’t hesitate to give us a call if you have any questions regarding how GDPR will affect your journey to become a customer magnet!
If you want to know everything and more about GDPR, visit www.eugdpr.org.