What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR), which became fully enforceable in the UK on 25 May 2018, has been designed to harmonise consumer rights in Europe and represents a key shift in the way customer data is used and managed, granting customers control over their own data and tightening the rules around its collection.
Intended penalties for firms found to be in breach of the GDPR have sent a shockwave through the business world, with non-compliant firms facing fines of up to 4% of global turnover or €20 million, whichever is greater.
The door has also been opened for potential customer litigation, should there be incompetence or negligence at play.
Compliance with the GDPR
To be compliant with the new data protection regulation, firms must ensure that:
- Data is up-to-date: GDPR Article 5 states that “Every reasonable step must be taken to ensure that personal data that are inaccurate…are erased or rectified without delay”. Poor quality data is a key issue for many businesses and steps must be taken to ensure that personal data is accurate and up-to-date.
- Customers have the right to opt out of marketing: Should a customer opt out, it’s vital that businesses immediately cease all marketing to that customer.
- Customers have the right to opt out of automated profiling: This will impact the use of Customer Relationship Management (CRM) systems and will create challenges for businesses seeking to re-target past customers. Technical issues around the identification and removal of duplicate customer profiles from multiple databases are also likely to arise.
- Customers have the right to request data held about them for free: Should a customer request access to their data, businesses will be required to provide to the customer all data currently held about them in an easily accessible format. Implementing this may well prove to be onerous for businesses that are not properly managing their customer data.
- Transparency is at the heart of the GDPR, and businesses are obliged to ensure that customers understand at all times what data is being collected and the purpose for which it’s being processed.
- Where data is being processed on the basis of consent, organisations must have clear consent to use customer data. The Regulation states that consent must be clear and must be as easy to withdraw as it was to give.
How can Quinn Legal help?
Quinn Legal can assist you in a variety of ways with the General Data Protection Regulation. Visit the pages below for more information about the GDPR and how it will affect businesses on the Isle of Man.
Make an enquiry today
At Quinn Legal we help our clients from day one. Make a free enquiry about the new data protection regulation by calling 01624 665522 or emailing us and find out how we can help with your data protection needs.
Alternatively, you can fill out our handy online enquiry form and one of our team will be in touch within 24 hours.