Big Questions About the General Data Protection Regulation
The General Data Protection Regulation is, obviously, centred around data privacy, and also its focussed on the private data of individuals, particularly person living in any European union member state. It updates existing and introduces new regulations related to the processing of the personal information and data.
So, there are many questions that arises in mind related to GDPR.
Will the GDPR affect me?
The answer to this queries is yes. As an individual, the GDPR recommends when and how companies is going to process any data related to you. If you are related to the organization or controls personal of any EU citizen, the GDPR suggests how and when you have to do this. This states that GDPR is not only related to organizations but also to individual privacy.
Will the GDPR apply after Brexit?
The answer to this question is yes, as GDPR mainly concerned about how the company is going to process and control the EU user data. Moreover, the UK Data Protection Bill was introduced to the House of Lords on 13 September 2017. The Data Protection act is replaced by the Data Protection bill and it only make sure the GDPR standards when it comes to data processing and control, but also meets UK needs.
Will the GDPR replace the DPA?
Yes, and no. In the short-term, the General Data Protection Regulation (GDPR) does replace the Data Protection Act of 1998 (DPA). But Britain is also preparing for Brexit, and while the GDPR regulates the protection of data of any EU citizen, after Brexit there will be a need regulating data protection of UK citizens too.
The UK Data Protection Bill was introduced in 2017, and comes into effect in May 2018. The bill applies the same standards as GDPR, while clarifying the context of some GDPR definitions within a UK context.The Data Protection Act 1998 (c 29) is a United Kingdom Act of Parliament designed to protect personal data stored on computers or in an organised paper filing system.
Will the GDPR affect cold calling?
The General Data Protection Regulation (GDPR) will most definitely affect all forms of cold calling, including cold email marketing. The GDPR sets a high standard for consent, placing an emphasis on leaving the individual (the prospect/customer) in control, and building trust and engagement.
Proper consent under the GDPR means the following:
- Consent must be explicit, and via a positive opt-in. This means you can no longer use consent by default, consent as a condition of sale or service, or even pre-ticked consent boxes on forms.
- Consent cannot be vague. The individual must give a specific statement of consent, while knowing what they are consenting to, and who they are giving consent to. If any third-party controllers will also be relying on the individual’s consent, they must be named.
- Consent should be separate from any other terms and conditions.
- Evidence of consent must be recorded and retained. This includes records of who, when, how, and what.
- It must be easy for individuals to withdraw consent, and they must be informed of how they can withdraw consent.
- You should regularly review your records of consent, making sure nothing has changed in terms of the relationship, the processing of the data, or the purpose of the consent. Refresh as necessary.
Will the GDPR affect B2B?
The GDPR specifically applies to individuals, so in the context of B2B relationships — existing and new — the impact of GDPR will depend on the contact information you use to communicate with your B2B clients. Whenever your contact information includes personal data, you would need to follow the regulations relating to explicit — and recorded — consent to opt-in. This would extend to also include regulations regarding data protection.
If, however, your records only include generic contact information (a contact number or email address with no name attached) you don’t necessarily have to record explicit consent, but you must make it easy for the company or organisation to opt-out, and keep a record of this.
What does the GDPR mean for marketing?
The GDPR is not a death knell for marketing, it is simply a way of regulating certain aspects of marketing. It doesn’t kill off direct marketing, it merely hands control of direct marketing to individuals. This means that marketers now need to ensure that they have explicit consent from individuals to market to them directly (be it via phone calls, email campaigns, or even direct mailing). It means marketers now need to inform individuals:
- Who will be marketing to them (company or organisation name). If any third-party controllers will also be using the individual’s personal data, they too must be named.
- How their personal information will be used, and what it will be used for.
- That they can opt-out at any time, while also explaining the process for opting out.
Marketers also need to understand that blanket consent is no longer allowed. Under the GDPR, individuals give consent for a specific campaign or purpose, and should that campaign or purpose change, they need to give consent again. If your customer gives consent to receive marketing communications relating to your range of lawn furniture, you cannot suddenly switch to marketing your new range of bathroom products to them.
Courtesy : Nabeena Mali (Medium)