What The New Data Protection Laws Mean For Small Businesses, Individuals and Freelancers

This May, new Data Protection laws will be coming into place, specifically, the Data Protection Act will be replaced by the General Data Protection Regulation.

What’s the difference? The GDPR will have new rules around the storage and handling of personal information and there will be stricter punishments in place for those who fail to comply.

Why the new law? The short answer is because hackers are more easily able to access data from small to medium businesses than they are to hack huge, well-protected corporate networks.

Changes in Consent

agree-1728448_1920.jpg

At the moment it’s sufficient to ask someone to tick or even to untick a box in order to consent to the storage of their data.

Under the new laws, consent means active agreement. This means you cannot pre-tick a ‘subscribe me’ button.

Not only this, but companies need to be able to show a clear audit trail of consent, including screen grabs or saved consent forms.

Individuals also have the right to withdraw consent at any time, and it has to be effective and efficient. When someone withdraws consent all of their personal data must be immediately and permanently erased. It is not enough to remove them from the mailing list.

If you are subject to a data breach, you also have to inform the relevant authorities immediately and you must notify all individuals affected within 72 hours of the initial breach.

What does this mean for people that use e-mail marketing (and am I one of those people?)

If you have a newsletter that people subscribe to, or if you send e-mails to a database of people on whatever basis, this concerns you.

And it doesn’t just concern all the new data you might collect. It concerns all the data you currently have.

Any kind of personal data you keep has to follow these rules and you and you alone are responsible for being able to prove that someone has consented to have their data kept on file by you.

This means you can no longer capture e-mails through a competition and then add them into your mailing list, or you cannot auto-subscribe (for example) people that have bought a ticket to your show to your newsletter.

Does the GDPR apply to my personal blog?

kaboompics_Young woman sitting on the sofa and working on her laptop.jpg

The GDPR applies to all enterprises. So if you run a business from home, or if your blog/website is engaged in “economic activity” i.e. you use it to make money – this applies to you.

It does not apply to people processing personal data in the course of a purely personal or household activity. I.e. if you have your plumber’s email address on file, that’s fine. If you’re sending your plumber an email telling him that you have a new kind of product available for sale, that’s not fine.

So what do I do now?

For every e-mail address in your system, you need to go back and seek explicit permission from the person to continue to send them whatever communication you are sending them.

If you cannot provide evidence of consent, you cannot send them emails and you must delete their data permanently.

This means you will need to launch a re-permission campaign and bring your entire database up to GDPR standards.

What are the consequences of non-compliance?

Fines. These are tiered based on the level of non-compliance and the severity of the violation, and they are capped at 4% of an annual turnover of €20million.

Ouch.

Check out our next post on how to run a GDPR compliant re-consent campaign.

Disclaimer: None of the above constitutes legal advice. If you are in doubt, we recommend you seek professional legal guidance.

penguinPenguin in the Room @prartsmarketing is a group of creatives with an arts marketing dream: penguin stepping our way into the arts industry and helping other creatives flourish! Specialising in online marketing, social media, branding, copy writing, media coaching and web design for actors, artists, casting directors, agents, production companies, theatre companies and creative individuals.

Contact us any time for penguin chats via email:info@penguinintheroom.com or Facebook.com/penguinintheroom or waddle over to our website: www.penguinintheroom.com

1 thought on “What The New Data Protection Laws Mean For Small Businesses, Individuals and Freelancers

  1. Pingback: 3 Steps To Running A Re-Consent Campaign For Your Newsletter Subscribers | The Penguin in the Room Blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s