CTMfile previously wrote about how much the General Data Protection Regulation could cost your company: up to £5 billion in fines for the FTSE 100. Here’s the essential guide: Getting to grips with GDPR: A B2B marketers guide from B2B Marketing, which details exactly what corporates need to do to be compliant the day after the law comes into force. In this guide they set out to provide, “an overview of the regulation, and its potential implications, condensing the key areas B2B marketers need to be aware of, distilling the advice that is out there, and providing some practical action to consider in preparation – with the caveat that even with fewer than 12 months to go until it is enacted there is still much interpretation and advice to be provided by regulators.”
This guide defines personal data and lists the six principles which underpin GDPR. Personal data should be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes and not processed beyond those.
- Adequate, relevant and limited to what’s necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Processed in a manner that ensures appropriate security of the personal data.
Checklists and advice
The report focuses on the critical action areas: the basics, legal grounds, consent and individual rights.
There are ‘what to do now’ checklists:
- General steps:
  - Carry out an information audit
  - Raise awareness within your organisation
  - Review your privacy policies and statements
  - Assess your policies and procedures
  - Get in touch with your technology providers
  - Find out whether you will need to appoint a data protection officer
  - Look out for updated guidance
  - Be careful.
- Legal Consent
- Individual rights
- Security and data breaches.
The report is ruthlessly detailed on “what you should have done by:”
- September 2017
- February 2018
- 25 May 2018, for which they explain how corporates will need to have:
  - Put in place all systems and processes needed to become GDPR compliant.
  - Completed your initial database re-engagement activity, with a final push warning that those who do not confirm their consent will not receive any further communication.
CTMfile take: Essential reading for all department heads in MNCs, even corporate treasury departments, if you want to avoid the huge fines.