General Data Protection Regulation, or GDPR for short!
You may think that data protection regulations aren’t your department’s concern. But these regulations actually affect every department that uses an individual’s data, whether it’s to send marketing communications or to manage customers’ payments.
If you work in business it is likely you will manage customer records. All data relating to identifiable individuals, including financial data, is covered by the current Data Protection Act 1988, but this legislation will be superseded by the General Data Protection Regulation (GDPR) on 25 May 2018.
The introduction of GDPR will mean a number of changes in how businesses operating throughout the EU manage data.
What are the key points of GDPR?
Here’s a summary of some of the key changes:
If your organisation is a public authority, processes large amounts of data or carries out large-scale monitoring of individuals, then the company will need to appoint a Data Protection Officer.
If the organisation processes high risk or sensitive data, you may need to conduct a data privacy impact assessment.
Consent and opt-in
The organisation needs to prove that it is ‘lawfully processing’ contact data; this ‘lawful processing’ needs to be documented.
Lawful processing is likely to be either consent (the contact opting in to their data being used) or for the necessary performance of a contract. Consent is going to be the most commonly used.
Consent must be considered ‘granular’, i.e. people can opt in to certain things but not others.
With regards to existing data, the company will need to refresh consent if there is no record of it currently or where none has been gained in the past.
There are a variety of ways you can gain consent, but pre-checked boxes are no longer allowed.
Individuals have more rights under GDPR.
Existing (but amended) rights include the right to access their data and the right to have data corrected.
New rights include the right to be forgotten, the right to port their data to another company and the right to restrict the processing of their data for automated profiling purposes.
What should I be doing?
You should get involved in any action groups that have been set up in your organisation in order to make sure the accounting function is suitably considered in any audits and data mapping. You will also need to be aware of how any proposed changes in data policy will affect how you work with and manage data passing through your department.
Don’t leave it until the last minute; get to grips with GDPR.