Maria Sales & Marketing Director
What is GDPR?
You may have heard the phrase ‘GDPR’ being mentioned a lot recently, but what exactly does it mean? GPDR simply stands for The General Data Protection Regulation and is set to take effect on 25 May 2018 to replace outdated privacy laws.
Introducing GPDR will help us have more control over our personal data and will enable individuals to have easier access to personal information held by a business within the European Union.
Any business that collects data in or from Europe, whether they are based in the EU or not, will have to comply with GDPR or face a hefty fine of up to €20,000,000 or 4% of global annual turnover – whichever is greater!
What is a data user?
There are three types of data users:
Data controllers
A data controller is any organisation that keeps personal data on any EU data subjects – this could be employees, customers or future clients. A data controller is also an organisation that is responsible for deciding how the information and data is processed.
Data Processors
If an organisation uses a third party company to process or collect data but not contact the individuals directly, then the third party would be considered a data processor. If data processors make contact with data subjects they are seen as data controllers.
To be GDPR compliant, data controllers and processors must ensure an individual’s personal data is:
a) Processed lawfully, fairly and in a transparent manner
b) Collected for specified, explicit and legitimate purposes
c) Adequate, relevant and limited to what is necessary
d) Accurate and, where necessary, kept up-to-date or deleted
e) Kept for no longer than is necessary
f) Kept with appropriate security of the personal data, including protection against unauthorised or unlawful processing, or loss
Data Subjects – individuals
Individuals, whose data is kept by a business, have certain rights under GDPR. These include:
The right to be informed
The right of access to their personal data
The right to rectification
The right to be forgotten
The right to restrict processing
The right to data portability eg energy contracts
The right to object
Rights in relation to automated decision-making and profiling
We are ready
At Eat Marketing, we’ve always put our client’s data privacy and security first and have robust business processes in place. We don’t consider May 25th as a deadline, but instead see GDPR as an opportunity for our clients to have more control over their personal data. To prepare for GDPR we have carried out data mapping of all client websites and email marketing. Following the ISO’s guidelines, we have set up:
Password Policy – All Eat Marketing email communication is conducted via gmail and all Eat Marketing employees have double-verification password protection on their accounts.
Employee training – All Eat Marketing employees are trained in data handling and sign up to Eat Marketing’s GDPR code as part of their induction. This also includes password management, computer handling, paperwork shredding and security and email etiquette.
Secure and regulated data platforms and server systems – All Eat Marketing client projects are held and managed in a password protected, top tier cloud based project management system. This data will never be passed on to 3rd parties without permission.
Supplier checks – All suppliers and third party cloud platforms have been contacted and requests made for GDPR and Data Protection Policies. Eat Marketing will always endeavour to source the most credible and top tier suppliers and cloud systems.
Data mapping of projects – All Eat Marketing client projects are data-mapped and indicate where data is collected, stored and processed. This allows Eat Marketing to clearly define its data processor role in relation to clients and the handling of their customer data.
Marketing data confirmed – All data collected via new business enquiries is held in a top tier password protected management platform. This data will only be used to address the enquiry made and with permission may receive Eat Marketing’s newsletter with industry insight. In addition, we are cleansing existing email lists to ensure only those who wish to receive content will be contacted.
Updated our website privacy policy – We have updated our privacy policy on our website.
Data Protection Policy updated – We have added a GDPR code to our existing Data Protection Policy.
GDPR email setup for GDPR communication and requests – We have set up a specific email account which will handle all GDPR communication and any data requests made.
Are you ready?
If you are struggling to get your head around the new regulations or can’t find the time to sit down and go through everything, we can help. We are up-to-date with all GDPR regulations and can guide you through the necessary steps to take in becoming GDPR compliant by May 25th. Working together, we can ensure you are GDPR ready by following our tried-and-tested method:
Email data cleanse – We will create and carry out an email marketing strategy to encourage existing customers or clients to confirm they would like to continue receiving content from you.
Why do I need to do this? Individuals must give explicit permission to be on your data list and how they consent to their data being used.
Website updates – In line with your brand tone of voice and GDPR regulations, we will write a bespoke message that will be added to all data capture points on your website. We will also update your website’s privacy policy to be GDPR compliant.
Why do I need this? Individuals must be made aware of how their data will be used, stored and managed by your business before they sign up to anything.
Ongoing support – We will provide you with ongoing GDPR support, helping to manage data requests and future GDPR updates to your marketing databases and strategy moving forward.
Why do I want this? Under the new regulations, individuals will be able to make requests that you amend or delete their details from your list. Regulations can change as can your marketing!
What are you waiting for? Make sure you’re ready for 25th May 2018 and contact Eat Marketing today!
