GDPR Countdown: What happens if I don’t comply?
If you’re thinking that GDPR won’t affect you then you might need to think again. Regardless of where your organization is based, if you do business with any EC citizens you will need to comply...
Helen Armour, Head of Marketing, Really Simple Systems CRM (@ReallySimpleSys)
Helen came to the world of CRM three years ago, having spent most of her career in the travel and leisure industry. Understanding the issues that GDPR brings for marketers worldwide, Helen and the team at Really Simple Systems have looked for solutions to help small businesses comply with the legislation by publishing guides and developing marketing compliance features in their CRM.
The European Union’s (EU) General Data Protection Regulation (GDPR) becomes law on 25th May 2018 and is the EU’s answer to data protection for the modern day, affecting anyone processing and holding data on EC citizens. Doing nothing to comply may not have any impact in the short term, but down the line it could seriously affect your business.
What is GDPR?
As technology has developed, it’s long been recognised that previous data protection legislation was no longer fit for purpose. GDPR looks to return ownership of all personal data to the individual so they can control who can hold their data, where it is stored and how it is processed. It also gives an individual the right to have any data erased if they wish.
The recent data security breach at Facebook, implicating Cambridge Analytica, is a prime example of the type of scenario the legislation is designed to protect against.
What’s needed for GDPR compliance?
For business, this is the biggest marketing and compliance challenge organizations have faced for some time. There are strict requirements to abide by and anyone not happy with how you use their data can make a complaint to the regulatory body.
The main areas GDPR looks to address are:
Data Protection – data of EC citizens must be held securely, and it must remain within the EU or a few other approved countries, including Switzerland but excluding the US and Australia
Consent – individuals need to have given you explicit consent to be contacted with your marketing
Data Portability – the personal data you hold must be made available to the citizen if they request it
Right to Erasure – the individual can request to have their data deleted and you will have to comply
Data Breaches – there are strict rules for reporting any data breaches that may occur
Fines and Sanctions – if you don’t comply you could be faced with a big fine, up to 20m Euros or 4% of global revenues, whichever is higher
Data security consciousness
As with the Facebook breach, you don’t have to look too far to find stories of questionable data protection activity. This, along with an increase in cybercrime, creates heightened awareness of data security. Already there is a move away from social media and people are increasingly cautious about who they give their personal data to. Most of us will have received emails already from organizations seeking our consent to continue being mailed. As awareness spreads, more and more people will look to make sure the organizations they put their faith in are compliant. Failure to adopt the regulation is likely to leave your business isolated as you can be sure that your competitors will seize the opportunity and leap ahead by promoting their compliance.
What should I do to comply?
First, you’ll want to check that the data you hold is being stored and accessed in compliance with GDPR. The data cannot leave the EU at any stage and access needs to be restricted to just the people who need it to do their jobs. If you are using any external systems, for example, for your HR, accounting or CRM, you should check these are compliant and that the data servers used are based in the EU. If you have data on other systems like Microsoft Outlook and in spreadsheets across your team’s PCs, look to remove all the personal data and consolidate it in a compliant CRM.
Larger organizations will be required to appoint a Data Processing Officer (DPO), though this may be recommended for small businesses too. That way you’ll have someone in your organization who fully understands GDPR and your business responsibilities.
Collecting marketing consent
If you are collecting new leads, you’ll need to gain consent before you can send them your digital marketing communications. That includes your emails, SMS, fax and telephone calls. You can do this by adding a checkbox to your website registration form, but it needs to be a positive opt-in. That means you can’t use a passive opt-out such as a pre-ticked checkbox and you’ll need to include an unambiguous description of what will happen if they give consent.
You’ll also need to gain mailing consents from your existing customer base. Again, you can’t just refer to your privacy statement, people need to give you permission for you to mail, not permission to not be mailed.
Be prepared for the worst
Probably your biggest liability will be your staff, so you’ll need to make sure they are educated on their responsibilities. Should the worst happen and you experience a data breach, GDPR gives you just 72 hours to report it to the regulating authority. You won’t have time to consider the best approach to be taken, so documenting your data breach procedure and training your staff in advance will mean you’re prepared.
Promote your compliance
Once you’ve ticked all the compliance boxes do make sure you let everyone know. As awareness grows, you’ll find that in both B2B and B2C operations, customers are looking for GDPR compliant partners so you may find new business as a result.
FIND OUT MORE...
To find out more visit:
reallysimplesystems.com