
As we all saw yesterday, Facebook is now looking at the prospect of a hefty fine; had this information come to the commission's attention on or after May 25th, when the GDPR starts to apply, it could have been a very different story. Time is running out, not just for Facebook to protect our data but for everyone else as well. For those of you still struggling with the challenges of the new GDPR, please read on for some practical tips.

The Facebook-Cambridge Analytica situation this week has thrown the way companies handle data into the spotlight and the mainstream news once again. Cybersecurity and cybercriminals have become commonplace in our daily news cycle. Time marches on towards the May 25th deadline, when all companies will need to comply with the new EU General Data Protection Regulation (GDPR). Businesses across the UK and the EU have only two months left to work out how to handle, collect and store citizens' personal data without infringing on their rights.

We know about the fines facing companies that do not comply, or that have no plan in place to show the commission they are preparing for GDPR, but let us talk frankly for a minute. What would the reputational damage be for a company hitting the headlines because of a data breach? For these large organisations, how do shareholders now view the stock? How does the average consumer on the high street now see the company that lost their data? We are all consumers, and we trust companies to take care of our personal data. We trust them to take adequate steps to protect it where it is stored. We trust them enough to assume they have taken the necessary steps to stop the constant threat of cybercriminals hell-bent on stealing that data. But look at Facebook as an example. They are a massive global organisation with endless resources to secure personal data, yet they failed. We as consumers feel helpless when our data is splashed across the news headlines, and the reputational damage to the business and the brand sometimes outweighs whatever the fine will be.

There are some positives we can take from high profile data breaches. Many company executives have been forced to sit up and take note. The old idea of leaving GDPR compliance to the IT manager has gone. Companies now realise they have a responsibility to keep the data they collect secure. They also have to minimise the risk of data breaches as best they can by taking a company-wide approach to data management.

These companies are now driving a lot of the governance work, including revised policies, training and assurance, which is time-consuming but necessary. A company's ability to inform the ICO (Information Commissioner's Office) of a personal data breach within 72 hours of becoming aware of it, and to respond to subject access requests within one month, is currently a large challenge. Companies are being forced to review how they process data and to take adequate action.

To help you through the GDPR minefield, I have put together 10 practical tips for compliance. Hopefully they help.

1.   Map out where personal data is, where it came from, who has access to it and what it’s being used for.

2.   Expand on your consent notices, across your website, brochures and third-party contracts.

3.   Explain the option to opt out of future marketing, when data might be collected, and exactly how it could be used, to meet the new requirement for a 'clear affirmative action' and the end of pre-ticked boxes and bundled consents.

4.   Signpost privacy notices better across all mediums.

5.   Highlight to your customers when data that has been collected may be sent outside the European Economic Area (EEA), to overseas data centres or service providers for example, where data protection may not be as strong as within the EEA.

6.   Ensure customers are aware of their right of access: the right to demand full details of the personal data you hold on them. Under the GDPR, individuals have clear rights over what data is being stored about them.

7.   Understand that, as data controller, your company must notify the supervisory authority (the ICO in the UK) within 72 hours of becoming aware of a personal data breach, and must also inform affected individuals without undue delay when the breach is likely to put them at high risk. Without the correct tools, this could take some time!

8.   Conduct a full data audit, and review data collection forms and privacy notices, so that you know how much sensitive data you hold and where it is.

9.   Demonstrate compliance to regulators on a data protection by design and by default basis, and maintain records of your data protection management. If you have no lawful basis, such as consent, to hold a person's personal data, delete it.

10. Take practical steps to deal with Subject Access Requests and the Right to Erasure; again, there are tools out there to help speed this process up.

Good luck as time is ticking!
