February 13th 2018

Are you ready for GDPR?

New legislation governing how organisations will collect, manage and use their data in future will be upon us in a little over four months' time. The General Data Protection Regulation (GDPR) will forever change the way that organisations work with the data of their customers and indeed potential customers.

What is GDPR?

Essentially, GDPR is a new set of regulations aimed at making data protection stronger for citizens of the EU and the wider global marketplace. Fundamentally, GDPR is aimed at making companies act with greater integrity when it comes to the data of individuals.

Who does it affect?

Any organisation that collects data from citizens within the EU will be forced to comply to some extent with GDPR. Whether you collect data from internal databases, CRMs or just via email, you need to comply.

We are not going to be in the EU?

Surely in the UK we don’t need to worry about this thanks to Brexit? Well, not really. The first point is that the law comes into place before the start of the withdrawal process. There is every likelihood that we will adopt the legislation into domestic law after Brexit.

The power of one

The guiding principle behind GDPR is one single set of regulations to govern all EU member states. Each member state will designate a Supervisory Authority (SA) to ensure compliance with the new legislation.

A lack of transparency results in mistrust

GDPR will place demands on companies to become more transparent with how they use an individual’s personal data and the length of time in which they intend to use that data. The legislation requires organisations to state which data is being processed and for what reasons. Individuals must have a clear understanding about who to contact at an organisation with regard to data processing.

We are living in an age of consent

An audit trail must be available to demonstrate that an organisation has been given consent by an individual *before* their data can be processed. Also, that data can ONLY be used for the purposes it has been gathered for. In plain terms, if you receive an email enquiry, this does not mean that the enquirer can go straight onto your mailing list. You must ask for their consent.

Pseudonymisation - it's all in the name

The new legislation makes reference to pseudonymisation. In simple terms, this is a way to stop an individual’s stored details from being attributed to that person without the inclusion of additional information. This is intended to prevent the circumvention of the new legislation by using specific ID codes, which allow the manipulation of a person’s data.

What to do in case of a breach

Should you encounter a security breach, under the new legislation you are required to have an appropriate process in place. Depending on the seriousness of the breach, you have a legal obligation to report it within 72 hours. There is more to read on what to do in the event of a breach on the Information Commissioner’s Office website.

“Greensquare” and “Green Square” are the registered trademarks of Green Square Brand Design Limited. All rights reserved.