Like the eponymous French wine – we’ll soon be saying GDPR 2018 est arrivé. But what is it? GDPR I mean; I assume you know all about Beaujolais wine already.
GDPR, short for General Data Protection Regulation, comes into force on 25 May, 2018. The regulation will create a single market of data for anyone with EU based customers, suppliers or staff (including the UK regardless of Brexit).
It supersedes all pre-existing data legislations, making it much easier for contractors, companies and organisations to share data across borders and know that it is secure and everyone is biding by the same set of rules.
The new legislation is designed to incentivise organisations to handle their clients or customers data responsibly. If not, they could be landed with a heavy fine – up to four per cent of their turnover or €20 million, whichever if higher. It is hoped the harsh fines will help stop cold callers and spammers.
As freelancers, we are responsible for implementing the GDPR rules in our work (and possibly with our clients too). But we are also private people, who will now be better informed about where our data is, who has access to it and most importantly, we will have more control over what information is stored.
Although GDPR is complex, do not fear. In most cases, as a freelancer or contractor, if you stick my three key principles you will be fine:
Ensure you have a legitimate reason to collect personal data, you have recorded the justifications for this reason, and you have a record of ‘consent’ if required.
Most probably, you will have a database of customers to whom you sell your services and possibly an email marketing list and/or newsletter. You will still be able to continue to build a list of potential business clients and contact them individually without first asking for consent.
However, you will need opt-in consent if you want to send them newsletters and marketing material. This essentially means making sure there are no pre-ticked boxes or implied consent used when you initially engage with your contact.
People should be able to unsubscribe from your newsletters just as easily as it was to subscribe.
You should also be able to amend or remove their data from your contacts database if requested. Being transparent is also about ensuring your contacts know what you will be doing with their data and who it is shared with.
Do you remember the old technique of connecting with lots of people on LinkedIn and then adding them to your newsletter? That’s been a nono for a few years, but now if someone does it, they can be heavily fined.
Keep the data safe – cyber-safe that is! Ensure you have strong passwords, up-to-date security software on your devices (laptops, tablets and smart phones) and perform regular checks and updates.
Also, actively retire and replace any devices that are no longer cyber-safe, such as 80 per cent of Android smart phones, iPhone 5c and older iPhones as well as many smarthome devices). Lastly, encrypt your data.
Oh, and don’t do anything stupid. Yeah, like click a bad link! About half of all data breaches are a result of human error such as link clicking or leaving USB sticks containing personal data in a bar – which has ended many careers!
Top tip: take time to review and record the way you collect and use data and your cyber-security. Make a list of areas to improve and start taking the first steps. Track all your actions in a document and keep it safe. This document will show good intention and probably keep you safe from fines or brand damage should a breach occur. And on that note, make sure you also have a documented protocol of the steps to take if a breach occurs.
By Neil Lewis
*Neil Lewis is the publisher at CyberSafe.com, dedicated to making online life safer for small and home businesses.