Why does GDPR matter?
MSB members and subscribers who receive our e-bulletin will be receiving emails asking them to opt in to continue to receive the e-bulletin after the 25th May 2018.
This is because we face new legal requirements from May 2018 on how we collect, store and use information. Under the new General Data Protection Regulation (GDPR) all businesses must obtain customers’ consent to collect, store and use their personal data.
We will also face more checks on how we protect and maintain such data, both in digital and paper formats.
Informed customer consent is the key theme of GDPR. The new law will make it easier for everyone to withdraw consent for business use of their personal data, or to ask for it to be moved to another service provider or erased.
The new regulations are being enacted across the European Union including the UK. The aim is to modernise and align all data protection laws affecting people located in Europe and to build better trust and transparency between customers and organisations which collect and use personal data.
‘Personal data’ can include email addresses, internet protocol (IP) addresses, telephone numbers, bank account details, health records, economic or social information. This type of information could be stored in emails, spreadsheets, databases, invoices, or contact lists. GDPR is also designed to allow parents and guardians to give consent for children’s data to be used.
GDPR will have an impact across many levels, roles and services – including IT, marketing and administration activities.
Consent is vital under GDPR for us to collect, store and use personal data from our contacts. Consent must be given freely and the new laws say consent must be specific, informed and unambiguous. We cannot assume we have consent even if our relationship with you is good and long-standing.
Another key requirement under GDPR is for us to keep detailed records of our data processing methods for potential inspection – failing to do so could result in a heavy fine.
More advice on GDPR is available from ico.org.uk
PLEASE NOTE: Businesses should not confuse GDPR requirements on consent and personal data with other individual privacy laws – visit our Information Governance resource for more information.