The General Data Protection Regulation (GDPR) takes effect on 25th May 2018, and is the biggest change to data privacy in 20 years. In the Market Research industry, this will affect the way we handle and store data.
What are the key headlines of GDPR? What is Digitab doing to be GDPR ready? And what tips can we offer you to be prepared for GDPR?
Headlines of GDPR
- Broader definition of personal data: Now covers location data and other online identifiers.
- Broader geographic scope: Applies to companies outside the EU, if they are handling data from the EU.
- Consent: Must be unambiguous, informed and by a statement or clear affirmative action.
- Breach & notification: Authorities must be informed of any data breach within 72 hours of discovery.
- Shared responsibility: Data processors and data controllers have obligations. Clients and suppliers need to work together.
- Accountability: Must be able to demonstrate compliance.
- Significant fines: Fines for breaches of the GDPR are up to 4% of total worldwide turnover.
- Consumer rights: GDPR enshrines the consumer's 'right to be forgotten', the 'right to object to data processing', and 'right to data portability'.
What Digitab is doing
- Launching a GDPR Toolkit and GDPR tips
- Appointing a GDPR Steering Committee and Accountability Leads
- Creating a GDPR implementation plan and milestones for compliance
- Drafting GDPR Policy and Guidance documents
- Building a dedicated internal GDPR site
- Establishing reporting and audit measures
- Providing face-to-face training and workshops
- Offering online training and facilitating discussion
The GDPR implementation plan will run over the course of 18 months, so that it continues to support our implementation after the May 2018 deadline.
Digitab's tips to prepare for GDPR
- Review of the GDPR is critical: Get specialist advice and undertake a risk review with internal compliance and legal teams to work out how it applies to your business.
- Consider the role of suppliers and third parties: Market Research Agencies will largely be considered as "data controllers" and you need to understand the scope and role of all third-party "processors" in your supply chain.
- What personal data do you hold and why? Consider detoxing your data - do you know what you have and why? How long have you held it? Do you need it? A review and purge of data before the GDPR comes into force in 2018 makes sense.
- Review and monitor consent trends: Continue to review all consent language, to ensure it is clear and the intended use of the data is transparent.
So, at Digitab, the preparations for GDPR are well under way.
Please get in touch if you would like further information about how we are collaborating with our clients and suppliers.