James Dempster, Managing Director, Cobb Digital

What is GDPR? And what does it mean for my business?

The General Data Protection Regulation (GDPR) is a document that sets out the new data privacy laws and applies to all EU citizens. Whatever sector you work in, you will have to evaluate how you collect, store and use your customer’s personal data. The new rulings are being introduced to increase consumer control and re-build trust between customers and businesses. It’s a win for businesses in the long-run as your customers will be more engaged than ever before.

Will businesses need to change how they currently collect data?

Keeping it short and sweet, yes! The main change is that every submission of data must be freely given, specific, informed and unambiguous – no-more pre-ticked boxes for starters. You’ll also need to review your existing database as you’ll have to keep a record of consent within each entry. This might mean you need to change your data management software and as a guideline, we’d recommend recording when you’ve collected consent, the mechanism used and what they agreed to when their data was recorded. You’ll need to provide some of this information up front, in clear, plain English and the rest needs to be explained clearly in your privacy policy.

Will businesses need to update their privacy policy?

Most definitely and you need to make sure it’s crystal clear. You need to ensure you remove any technical or confusing jargon, name any third parties you use and explicitly detail how it benefits you and the customer. Ultimately, you need to move to a more ethical way of collecting data and ensure that your records are kept up-to-date and accurate at all times.