Most organisations that are commercially driven and looking to acquire and develop customers will be focused on adults. So that probably also applies to you, but with some significant variations dependent on the sector you’re working in. As far as the GDPR and the Data Protection Bill that’s making it’s way through Parliament are concerned, no-one under the age of 13 can provide consent (which if you are planning to market to them is your most likely basis for processing their data). And for under 13s their parents or guardians should be responsible for providing consent – with exceptions for specific services like counselling, etc.
As the last two weeks’ pieces of guidance about preparing for the GDPR and new Data Protection Act have been quite dry – looking at contracts and insurance – this week you can have some light relief.
As you know, by now, this weekly series of brief, specific pieces of guidance around preparing for the GDPR and new Data Protection Act is primarily focused on organisations’ customer acquisition, retention and service activities.
But that doesn’t mean there aren’t lots of other things to focus on. An accidental or malicious data loss through a cyber breach could be extremely damaging – even ruinous – both financially and in terms of reputational damage.
So, how did you get on with writing your list of clients and suppliers involved in your ‘personal data infrastructure’ (your task from Week#5)? Odds are it’s quite a lengthy list. Every one of these organisations needs to ensure that their contractual roles are clearly defined ready for the GDPR and new Data Protection Act. The ICO issued its guidance some time ago (www.ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/contracts/) which is pretty self-explanatory and essentially says that the one thing both processors and controllers can’t do without in future are clear, explicit contractual terms on which to process personal data.
The GDPR is potentially confusing, with no shortage of people offering to make it all a little bit more confusing for you. So, in parallel with our ‘one thing at a time mantra’, it makes sense to identify useful, informed and unbiased information sources.
Although we’ve cheekily suggested in the past that “the GDPR is too important to be left to the lawyers”, there are some things that really are best left in their hands, like contracts.
How’s the first week back to work been? If you’re still wanting to get ready for the GDPR & new Data Protection Act – especially from a customer management and experience perspective – here’s tip #4.
As we all know, what the GDPR and new Data Protection Act will mean for businesses has been clouded by scare-mongering, exaggeration and misdirection. However, all that is now over. We are delighted to be able to share with you exactly what will happen in the world of data protection in 2018, month by month.
(and if this doesn’t prove to be 100% accurate, then we’re not ICO accredited GDPR experts!).
If you genuinely are at a loose end over the Christmas break and are desparate for “A Complete Guide to the GDPR” then head over to FieldFisher’s website and download their GDPR App:
Here’s a quick, unscientific experiment you can conduct this week*. Call up your contact centre and say you’re a customer and you’d like to lodge a Subject Access Request.