247 Detectives

Please Call NOW 0845 520 4121 / 07017 411 007


1st Call Detectives Blog


Brexit, personal data and the EU general data protection regulation

by Josef Kafka

The dust seems to be settling on the Brexit vote back in June 2016. Everyone now just seems to be getting on with things while we wait to find out what sort of relationship we will have with EU member states going forward.

Article 50, the relevant section of EU law which allows members to leave the Union, hasn't been invoked yet. The signs are that this won't happen until 2017. If it happens next year, then, sometime in 2019, our membership will end.

Until that time, the UK, its companies and its citizens will still have to obey all existing EU laws, enact any new laws that are coming down the line and hand over billions of pounds a year to still be a member.

The scariest law out of the EU for years?

There's one particular brand new law that was adopted by the EU on 27th April 2016 that's causing a lot of disquiet across a lot of UK companies. This new law, the General Data Protection Regulation (GDPR), won't come into force until 25 May 2018. We'll still have to follow GDPR to the letter as we won't have Brexited by then.

So, what is GDPR and why is it causing such consternation?

According to the EU, its primary aim is to "give citizens back the control of their personal data". To do this, a large body of new related laws (across 118 pages, if you're interested!) is being introduced in an effort to "simplify regulations for businesses". Supporters of the law state that the simplification is achieved by having just one regulatory environment across all EU states. This is instead of the current situation, where 28 member states interpret and apply the existing laws in their own ways.

Bye to email marketing list brokers 

One area that is likely to suffer greatly is the sale of business-to-business email marketing lists. Around a quarter of EU member states allow B2B email marketing messages to be sent to named individuals where the recipient has opted in to receive such email advertisements. 

Under GDPR, this all changes. Named business email marketing data (for example john.smith@company.com) will be considered as personal data once GDPR is enacted. As it will now be treated as personal data, opt-in permission must be given on a company-by-company basis by the individual recipient. So, instead of asking someone joining the database if it's OK to sell their data on to carefully selected third parties, the list owner will now have to tell this person the name of every company the data might be sold to and get individual permission for each one.

In the UK, there are 5 or 6 very large providers of B2B email marketing data. Come the introduction of GDPR, their current business model becomes, to all intents and purposes, illegal. The Direct Marketing Association are predicting thousands of job losses in the sector from the 25th May 2018.

What is GDPR trying to achieve?

The underpinning philosophy of GDPR is that personal data can only be collected for legitimate, explicit and specified purposes.

Personal data must be:

• Processed transparently, fairly and lawfully

• Limited to what is necessary for processing, relevant, and adequate

• Kept up-to-date and accurate

• Kept in such a way that the subject (the person whose data record it is) can be identified only as long as is necessary for processing

• Processed in a way that makes sure it's secure.

All this sounds fine in principle. The main concern for companies is how these principles are going to be applied in the real world. In other words, what happens if you mess it up?

Turnover-based fines for unreported breaches

The news is full of data breaches and they normally involve big companies. Under GDPR, all companies will have to notify the Information Commissioner's Office (ICO) when there's been a data breach. You'll then have to contact all of your customers with an assessment of whether the breach will adversely affect their personal data or privacy. Then, you must record the breach in a breach log. After that, the ICO will knock on your door and you'll be ordered to prove what you did to prevent the breach.

If you fail to do this, you could be fined up to 4% of turnover. For a £1m turnover company, that's up to £40,000. With average UK business net profit margins running at 8%, the fine is equivalent to half a year's profit before tax. £40,000 is a lot of money for a company to find. Will their cashflow allow them to pay it off on time? If they can't pay it, what happens to the company and its workers?

There's still lots of time to prepare

…but no-one can be sure of how the world will change once it becomes law. There are two main things to think about when formulating your business's response to the challenge of the GDPR: how you obtain & process data and how you keep it safe.

One question companies will have to ask themselves is how they choose to obtain & process data and use that data to push their business forward. One thing that can't be in question, however, is that whatever personal data is stored must be protected by strong encryption, because a customer's right to privacy must be supreme over every other consideration. We don't give our data to a company just for them to mishandle it.

More than ever, GDPR brings cybersecurity into focus. Your systems must be capable of withstanding hacking by even the most determined wrongdoers. If you have multiple sites, you need to use a virtual private network (VPN) to transfer customer data and other sensitive information. Security must be the beating heart of your business: secure communications and secure messaging with customers and colleagues.

1stCallDetectives will be affected by GDPR just like every other company. We will go above and beyond the legal requirements to protect our customers as we value your privacy, security and discretion. We've just successfully carried out the latest stage in making our business as secure as possible, with a new encryption certificate on our site. Watch this blog for more GDPR approaches.

© All rights reserved 2014 '1st Call Detectives'