GDPR
Details to follow
We are currently developing some advice for our clients who have missed the GDPR deadline of May 25th 2018..
Although consent is an important feature of the GDPR legislation, capturing that consent in every situation may not be necessary and is not immediately required by this deadline. This process can continue beyond today.
Every business will be experiencing high volumes of incoming and outgoing mail traffic asking for consent
The result of this high volume of activity has been documented in many press publications
What do you need to do?
If you were not ready for the (May 25th 2018) deadline, don't worry. Here are the 5 things you need to do:
1. Notify the ICO
You were required to notify the ICO if your organisation processes personal data regardless of size – but you don’t necessarily need to do this before the deadline of 25 May 2018. Notification currently involves the completion of a lengthy form – but this won’t be the case after the deadline. If you’re a small organisation, save yourself the bother and register after the deadline. However, if you are part of a large organisation (more than 250 employees) then make sure you do this before the deadline.
2. Issue your privacy notice -
This doesn’t have to be hugely complex – a prominent message on your website and in the body of your emails are good examples of how to do this. Just make sure your notice is compliant with the ICO requirements.
3. Consider whether you really need to reconfirm marketing consent -
It is quite possible that you actually don’t need to ask for opt-in consent. This is one of the biggest misconceptions around GDPR right now. find out if you really need to do this, or whether you could rely on any other grounds to contact your customers under GDPR, such as legitimate interest.
4. Check your key supplier contracts
If your suppliers send through an updated version of a contract to comply with GDPR, check it carefully to make sure it covers only the clauses it needs to, and that nothing else has crept in. If you haven’t received updated contracts, find out why – because all contracts do need to be updated.
5. Have a plan
Even if you haven’t taken all the necessary steps to get GDPR ready, put together a (realistic) plan of what you intend to do to ensure full compliance over the next 12 months. It will help to demonstrate your intentions to the ICO.
We are here to help
We are happy to help with not just GDPR but any aspect of your business. We can quickly and simply generate forms for your business website to ensure compliance not just for GDPR but anything else!
