
GDPR – the bare essentials


GDPR is a new legal framework that comes into force on May 25th 2018. It builds upon the existing Data Protection Act and it imposes more obligations on organisations to protect personal data and higher fines for non-compliance – 4% of global turnover or £20m, whichever is higher.

GDPR is about creating a higher global standard for data protection, privacy and security. GDPR has transparency and accountability at its heart. Don’t see it as just a regulatory approach; it is much more than that. It is about business continuity and mitigating risks. It is about doing the right thing with data. Look at it as an opportunity to review your data management policies and ask yourselves some hard questions about your processes and systems; an opportunity to do things better and improve the way you deal with customer data and how you engage with your customers.

GDPR is complex: it contains 173 recitals and 99 articles. If you want to dive into the depth of GDPR, we suggest you go to the European Commission website.

With Brexit, does it apply to UK businesses?

The simple answer to that is YES. GDPR will come into force while the UK is still part of the EU. And the UK has committed to adopt GDPR post-Brexit and go even ‘further’, including criminal offences to deter organisations from ‘recklessly or intentionally’ identifying personal data.

The Information Commissioner’s Office (ICO) is the body in the UK for Data Protection and GDPR. They provide guidance and are able to impose fines. Once again, we would advise you to go to their website for detailed guidance on what to consider with GDPR.

It is worth noting that there are other legislation changes happening alongside GDPR that will affect businesses:

    • The Privacy and Electronic Communication Regulations (PECR), known as ‘The Cookie Law’, sit alongside Data Protection Law today and provide rules on marketing calls, emails, texts and cookies.
    • The EU intends that PECR be replaced by the e-privacy regulation. However, this is still working its way through the EU legislative process. We suggest you keep an eye on this as it will impact the way you communicate with your audience.

What is Workbooks doing related to GDPR?

At Workbooks we have strong processes and procedures in place to protect personal data. However, we are reviewing these to ensure we will meet our obligations under GDPR by the deadline.

Workbooks will shortly update its terms of service to reflect these obligations. These new terms of service will be effective for all clients.

And Workbooks is releasing new functionality to help its clients manage some of their GDPR obligations more effectively. We have launched a compliance record and developed automation tools to support our customers – and ourselves – in addressing GDPR requirements.

Watch out for further information over the next few weeks.

Think about technology like CRM as an enabler for compliance

With many things to consider, it is not easy to decipher where to focus and how to best address the various elements covered by GDPR. We are running a GDPR webinar series to provide practical and pragmatic guidelines on how to leverage a tool like CRM to drive compliance.

The first session covered: 

    • Lawful grounds for processing data and how to track and remain compliant using a tool like CRM.

Access the recording now.

The second session covered:

    • How technology like Workbooks CRM can be used to manage and streamline processes/workflows for supplier assessments, data subject access requests, data breaches and incident responses etc.

Access the recording now.

We also have one forthcoming session:

Tuesday 27th March, 10-11am – Register here

    • Email Marketing, e-privacy and GDPR

*“data controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed.

“data processor”, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

For more detailed information on data controller and data processor, click here.