In January 2018, the Irish SME Association (ISME) released the results of a General Data Protection Regulation (GDPR) survey it undertook with its members. It made for interesting reading. Why? Well, it appears that while 83% of the 507 respondents are aware of GDPR and 76% are concerned about it, only 30% have identified the actions they need to take, and even fewer - just 7% - have completed their GDPR plan.
So what to do?
Given that the new legal framework is the biggest change to data privacy legislation in the last 20 years, and that the new rules will undoubtedly disrupt how businesses store, manage and process personal data, doing nothing really isn't an option.
At a recent event in the Hilton Hotel in Dublin, Eoghan Doyle, a Partner with Philip Lee Solicitors, said that one of the most significant changes under the GDPR is the new standard for obtaining consent for the processing of personal data. "Most businesses who engage in e-mail marketing to their clients or customers rely on their consent to such marketing."
Some of the steps you should take:
Step 1: Review your marketing lists and databases for evidence of consent
Step 2: Refresh any consents that do not comply with GDPR
Step 3: Delete any personal data where you have not received a fresh consent
Step 4: Keep clear records and maintain and implement policies and procedures
Yes, there will be penalties for non-compliance. Fines of up to €20 million or 4% of annual global turnover (whichever is higher) could be imposed. No wonder ISME CEO Neil McDonnell said "...businesses are curious about it...".
It's an extremely complicated area and compliance is definitely not straightforward, but with only 88 days to go to the 25th May deadline, businesses need to be more than just curious...