The General Data Protection Regulation (GDPR) is coming into force on the 25th May 2018, but how much do you know about the European Union’s latest major piece of legislation? And is your organisation ready for the changes?
We asked our client and technology partner, Martin Scovell, founder and CEO of MatsSoft, an innovative, independent software company, to summarise what the changes mean for your business and outline some steps you can take to make sure you are ready.
GDPR is designed to protect all EU citizens’ personal data held anywhere in the world. But the regulation doesn’t stop there. The way we collect, store and process EU citizen data also falls under the new rules, and will have a significant impact on all organisations operating or trading within the EU.
With less than 12 months to act, you need to be prepared and start making changes – now.
What will the changes mean for you?
Put simply – anyone handling personal data will be responsible for how it’s protected. And heavy penalties will be given to any organisations in breach – €20 million or 4% of global annual turnover.
The regulation incorporates seven rights:
- To be informed – organisations need to be transparent with people whose data they hold
- Access – allowing people to access their held data at any time
- Rectification – notifying of sharing data with third parties
- Erasure – also known as ‘the right to be forgotten’
- Restrict processing – people can block their data from being processed
- Data portability – allowing users to easily transfer personal data across environments
- To object – including public interest, direct marketing and scientific or historical research
The ICO has published a 12-step programme that businesses should undertake to ensure compliance. MatsSoft has produced a quick guide, which you can see here: http://www.matssoft.com/news/how-can-your-business-accelerate-gdpr-compliance/
Understanding how important this legislation is, MatsSoft has developed a three-stage process to help businesses simplify GDPR compliance:
- To keep track of all the activities you should undertake to ensure compliance, you could create your own quality and compliance management system quickly and easily using MATS Low-code. This will build a clear picture of which systems are compliant and create a report of non-compliance for regular review by the CIO. It can also publish relevant training and policy information to the members of staff who need to sign off. This ensures progress is continually communicated and tracked as you go.
- Many organisations will find it’s not just business systems that are affected – personal data are often stored, transferred and processed manually using email and spreadsheet workarounds. Ad-hoc, manual or simply clunky processes should be automated – which will reduce compliance risk and improve processes at the same time. MATS Low-code is an ideal technology choice for automation because it enables cross-functional teams to build solutions up to 10x faster than traditional methods.
- Outdated systems that can’t be upgraded are going to cause issues. By upgrading to MATS applications, you will be safe in the knowledge that your data is being protected and optimized for best use.
You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
GDPR has significant implications for marketers, essentially in three key areas. The first is consent regarding communications. The GDPR states that consent must be ‘freely given, specific, informed, and unambiguous’, and with a ‘clear affirmative action’. Consent cannot be assumed and a pre-ticked box won’t comply in the future. Prospects and customers must agree to their data being used and to being contacted. The second is the right to be forgotten. Giving more control to individuals over their data also means giving them the opportunity to access and remove data under certain circumstances. The third is the legal basis for processing personal data. In practical terms, this will mean improved data management and more prudent data collection.
MATS is an innovative, independent software company with a passion for business simplification and improving customer experience. Its Low-code platform MATS takes Business Process Management to the next level, allowing web, mobile and socially connected applications to be built incredibly quickly, without coding. Established in 2007, MatsSoft helps global customers, including Vodafone, Nationwide, Intel, GOV.UK and ITV, to deploy process and CX improvements faster than they ever thought possible. To find out more about getting GDPR compliant with MATS, visit http://www.matssoft.com/ and book a demo.