GDPR is Coming!
Welcome to episode 183. This week I am dedicating the whole episode to this much-requested subject. GDPR is coming next year whether we like it or not, so it’s time to start educating ourselves about the dangers and opportunities this presents.
With that in mind, I have taken time to speak with three individuals, two of whom you will hear on this show.
As a result, I am skipping any news, cool things or questions this week and will revert to our normal format next week.
My first interview is with Privacy, Cyber Security and Risk Advisor Jeremy Kajendran, who is the UK Privacy Practice Leader for EY.
Key points from Jeremy:
- GDPR = General Data Protection Regulation from May 2018
- The Data Protection Act has been in place since 1998, but GDPR is intended to bring the legislation up to date with today’s technology and business practices. Fines are greater and organisations are now having to ensure they are compliant.
- Fines can be up to 4% of global turnover or €20m
- It is a criminal offence in the UK to not be registered with the ICO (Information Commissioner’s Office)
- Individuals have a right of access to their data (this hasn’t changed)
- Individuals can now ask you to delete their data and stop processing their data as well as asking you to send it back to them.
- The ICO is concerned with protecting individuals from abuse of their privacy.
- The Privacy and Electronic Communications Regulations also run in tandem with GDPR and are worth being familiar with because they could be more onerous.
- Continual opt-in is not a requirement of GDPR. People have to be asked to opt-in to something which is explicit just once but must always be given the option to opt-out.
- It’s unlikely that the ICO will be interested in one-off unsolicited emails. If, however, a recipient asks to receive no more emails, then you must respect their wishes and could be in trouble if you don’t.
- There will be lots of publicity in May next year, which may increase the number of complaints the ICO receives, and in practical terms they are unlikely to be able to follow all of them up. They will prioritise on a risk basis.
- If you are an organisation that processes data on anyone within the EU then you are subject to the GDPR.
- LinkedIn Forms are a way of collecting data on people, so you are the data controller once you take that information from LinkedIn. The form should make it explicitly clear that by adding details an individual is agreeing to receive more than just the information advertised (i.e. an e-book). A double opt-in is helpful, but signing up for a giveaway is no longer ‘permission’ to send them anything else unless they explicitly opt in for ongoing communications. Ideally, this should be included on the sign-up form on LinkedIn.
- Explicit opt-in can be a very positive thing because your list open rate is likely to be much higher.
TOP 10 Questions To Ask A GDPR Expert by Jeremy Kajendran
I also had a chat with Kim Bradford who also specialises in GDPR but tends to focus on it from the perspective of small businesses and solopreneurs.
Advice from Kim:
- If you process data on anyone, you need to register with the ICO in the UK. Data can, in theory, include retaining their email asking you to remove their data!
- Registering with the ICO (UK only) may help to mitigate any issues. Put simply, a good analogy would be that being investigated and fined by the ICO is like getting caught speeding, but not being registered is like getting caught speeding without a valid driver’s licence! (see below for a link to register)
- Email providers are slow to react and some appear to be trying to push responsibility onto their customers – perhaps LinkedIn may do the same?
- The ICO are going to issue very clear guidance to people on what businesses can and can’t do regarding their data and clarify their rights on data. This may lead to some people reporting you and, even if you have done nothing wrong, the ICO may want to investigate how you hold and use other data (opening a can of worms). That said, as Jeremy stated, the ICO are likely to prioritise based on risk, so this is unlikely (provided you haven’t done anything wrong).
- It’s possible that LinkedIn may remove or at least significantly change the feature that allows you to download your connections.
Next, I chatted with LinkedIn Trainer Mark Stonham about how we can use GDPR more positively.
Key points from Mark:
- GDPR offers opportunities to LinkedIn users through messaging via InMail, group messages and connection messages, because it is LinkedIn that holds the data.
- GDPR increases the need to build stronger relationships with our connections. More one to one communication rather than an email driven ‘spray and pray’ approach.
- Credibility gained via a strong LinkedIn profile and activity will enable you to gain permission for people to want emails from you. Being seen as a credible thought leader can really help in this respect.
- We should use this opportunity to review our relationship and communication strategy.
My friend Greg Cooper has also recently written an excellent piece on the subject.
Other useful links:
The ICO’s Information Rights Strategic Plan document
You can register with the ICO here (UK)
If you have any further questions about GDPR please contact me and I will get back in touch with Jeremy or Kim. You can leave a voicemail by clicking on the ‘ask me a question’ tab on the right edge of this page or email me at firstname.lastname@example.org.
That’s it for this week, don’t forget to leave a voicemail or email me with any questions or suggestions, until next time.
Have a great week everyone.
Thank you so much for listening. I value your support and interest.