I’m attending many seminars and webinars, and speaking at conferences on GDPR, the new General Data Protection Regulation, which comes into force in May 2018.
Here are some of the concerns I’m hearing about:
- Legacy data – what do we do with our existing customer lists, or information about individuals which is stored in our systems?
- What do we need to include in our privacy notices? Notices can be ‘layered’ and therefore provide information during the customer journey.
- Certification on GDPR – there is as yet no certification to confirm compliance with GDPR.
- Consent for marketing – the overlap between the Privacy and Electronic Communications Regulations (PECR) and GDPR. The two are separate – PECR is soon to be replaced by the updated e-Privacy Regulation – under which you can send marketing emails to people with whom you have an existing customer relationship. The general rule is that you need evidence of consent to marketing or, rather than needing consent, you can potentially rely on the ‘legitimate interests’ grounds: give information and choice, and show evidence of that.
- How long does consent last for? There is no set answer – which is good. It depends on the sector, the customer lifecycle, what the customer would reasonably expect… Find out through data mapping and discovery – this will help you understand and define what a customer is…
- Can we use purchased data? This depends on the basis upon which the individual gave their personal data in the first place, and what they were told.