Get to know the GDPR


GDPR? The Grateful Dead Peace Revolution? I hear you ask.  No, not that, this GDPR is the EU’s General Data Protection Regulation. It comes in to force in 2018 and even though in the UK we will (Probably) be on the very eve of Brexiting the EU, their new laws around data protection will have an impact on any business that collects or processes personal data of EU citizens.

Much of the regulation is in line with current regulations that we all adhere to under the Data Protection Act 1998 (DPA) and the Electronic Communications Act 200 (ECA), but there are some new elements that mean we will all need to address the way we seek consent to collect or process personal data and the policies we have in place to ensure the security of the data we lawfully collect, for example the ICO states in it’s summary…

You are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach’  

The regulations may require organisations to appoint dedicated information officers responsible for data security.  Definitions of what counts as personal data are also widened to potentially include IP addresses and other ‘Personal Identifiers’… ‘Reflecting changes in technology and the way organisations collect information about people’

The regulation also mentions ‘pseudonymised – eg key-coded’ data, so those of us using ‘User explorer’ features available in some ‘popular’ analytics tools need take note.

Dramatically, in the event of prosecution fines could be as much 2% of an organisations Global revenue!!

Of course there are many businesses and organisations that are only active in the UK and they may consider in the light of the June referendum, that these regulations do not concern them.  That may turn out to be so, but given general public anxiety over data collection and the need of business to follow regulations in significant markets, it is likely that the continued tightening in the EU will  strongly influence UK policy.

At Evisible, we have helped many organisations to cleanse and secure their marketing data silos, improving data collection and processing policies and practice, to both comply with general regulation and create opportunity to increase positive engagement with customers.