In a Nutshell: The upcoming GDPR will apply to all client and customer data that your business currently holds and will hold at any point in the future. This can include something as simple as their e-mail address and, of course, includes more personal and sensitive information such as credit and debit card details etc. There are two main aspects to this data. Firstly, the owners of it will explicitly have to ‘opt-in’ to receiving communication and marketing updates from you. The currently widely used practice of ‘Please tick here if you do not wish to receive . . .’ will no longer be compliant. Should they opt in, they have to be informed of exactly what their data will be used for and also how they can easily opt out at any time. Secondly, any data breaches or leaks in connection with the data your business holds and processes will have to be flagged to both local data protection authorities and affected parties within seventy-two hours.
The GDPR is coming and it is in the best interest of businesses of all shapes and sizes to be ready for it. This blog exists purely as a reminder and to offer some simple and friendly advice from one conscious business to another. We implore our readers to ready and fortify themselves with the necessary information to protect their customers, their data and their business.