In May, a new regulatory system governing spam and other data abuses will come into force with the General Data Protection Regulation (GDPR), which will, for the first time, seek to harmonise rules across all 28 member states. It means anyone who uses business productivity tools or multiple delivery systems such as Wix Shout Out, Mailchimp and Survey Monkey as part of their marketing mix will have to be aware of rules governing spam and much else.
Predictably, there’s been a lot of fear – and fear-mongering – generated by the rules, with predictions that they threaten to tie up small businesses in mountains of red tape, restricting their marketing activities to the point where they’ll be unable to send a simple email.
4 simple measures to meet your GDPR obligations
Ashley Marron, CEO of East Kilbride-based Barvas, a management software tool for small and medium-sized businesses, reviewed the regulation and, in his view, by taking four simple measures you can meet your obligations without much time and expense.
- The first thing you should do is to ensure all your email marketing includes an ‘unsubscribe’ option. While not quite a catch-all solution, this will go a long way to ensuring you comply with the new regulation.
- Secondly, you should determine whether your organisation handles personal information as a ‘data processor’ or a ‘data controller’. The GDPR draws a distinction between the two, recognising that not all businesses and organisations involved in the processing of data have the same responsibility.
A data controller determines the purposes for which and the manner in which any personal data is processed, while the processor processes the data on behalf of the controller.
Processing can involve anything from obtaining, recording or holding information, organising, adapting or altering it, to retrieval and use of the information including publishing, blocking, erasing or destroying it.
The interpreting of data – making a professional judgement or significant decision-making in relation to it – must be done by a data controller.
- The next thing you should do is to complete the Information Commissioner’s checklist to help identify gaps in your current processes.
- Finally, you should conduct an information audit to map data flows in your business or organisation in order to understand how personal information flows through your business processes.
To ensure you comply, you need to identify the key processes, document them as needed, and keep an audit trail to prove compliance.
As a seller of online business productivity tools, Barvas have taken a proactive approach to ensure they comply. For their customers, Barvas have included a downloadable template in their software to help demystify the key steps and navigate users through the process.