The introduction of the GDPR on the 28th May 2018 will see organisations take more responsibility for transparency and the use of personal data. There are many questions to be answered, some of which won’t become clear until the new regulations kick in. Below, we answer some of the most frequently asked questions to provide you with some advice.
What is personal data?
Under the GDPR, the definition of personal data is:
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (such as an IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
(Ref: Article 4 GDPR)
How long are you given to update personal data?
If a person makes a request to amend, delete or unsubscribe within their data preferences, a company has to respond and make these changes within 30 days.
How do I report a breach in data?
If your organisation discovers any breach in data, including if it has been stolen or dealt with for any purpose other than those that have been explicitly explained, it must be reported within 72 hours to the ICO. Find full details on what you need to do and how to report a data breach here.
Is unsubscribe different from erasure?
If someone chooses to unsubscribe, it doesn’t mean you have to dispose of their data. You are allowed to keep it safe and may use it in special circumstances, such as if there is a product recall for an item bought, a legal challenge concerning that customer, or a safety issue with the product they bought.
Complete erasure means just that.
If you have further questions about the introduction of GDPR you can read our more in-depth blog about how to be GDPR compliant here.
If you would like to discover more about how you can make sure your business is compliant, email [email protected]