The General Data Protection Regulation, passed in May 2016 and set to come into force in 2018 will have serious implications for any company handling personal data. (Hint: this is any company which sends out marketing communications to a list of people they don’t know personally).
The problem is that the laws are vague and many SMEs are unsure of what it means for their business.
Michael Packman at Nexus B2B has highlighted the 7 major principles that underpin GDPR and how they apply to businesses handling data – hugely useful for any company in doubt about whether GDPR will apply to them…
What is personal data?
Notice – people whose data is being collected, processed and kept should be informed
Purpose – data collected should be used only for the stated purpose(s) and for no other
Consent – personal data should not be disclosed or shared with third parties without the consent of the person concerned
Security – once collected, personal data should be kept safe and secure from potential abuse, theft, or loss
Disclosure – people whose personal data is being collected should be told which party or parties are doing this
Access – people should be granted access to their personal data and allowed to correct any inaccuracies
Accountability – people should be able to hold personal data collectors accountable for following all these principles.”