We've officially got under 2 months to go until the new GDPR (General Data Protection Regulation) takes effect.
You've probably all got May 25th underlined in your diaries: gearing up to GDPR D-day is all every business blog, webinar and publication seems to be talking about these days.
So why the need for yet another GDPR guide? Well, firstly and simply because a lot of our clients have been approaching us with GDPR concerns, and as the date draws closer, we anticipate getting more of these.
But more importantly, because after conducting some research, we found that a scary amount of UK companies are lagging in their prep, especially within the real estate industry.
And since we work with a lot of real estate agents in the UK, we thought this would be particularly relevant.
Surely, it's not that bad
Oh yes, it is… turns out only 6% of UK companies are completely prepared for the new rules.
And the worst performing industry is real estate and construction, where a whopping 35% of senior decision-makers are not familiar with GDPR and 28% don't have any kind of plan in place if a data breach were to happen (click here to see the full report).
Even more alarmingly, the UK enforcer, the Information Commissioner's Office (ICO), had already issued a warning to the industry back in 2016 over various issues, including staff data protection training, records not being kept securely and landlords and tenants not being told how their personal data would be used, among others.
And that was back then, under the current, slightly less stringent set of rules.
GDPR in a nutshell
I'm not going to bore you with the technicalities. If you have time, a large cup of coffee and the help of someone with legal training, here's the full document.
But after reading a ton of guides on the internet and bothering our legal counsel with never-ending questions, here's my layman's version of GDPR:
- The GDPR is an EU initiative to standardise data protection laws across Europe and make data processing more transparent.
- If you hear the term "personal data", it generally means any info that could be used to identify someone.
- No more complicated legal footnotes: Companies will have to outline how data is being used and stored in a clear and easy-to-understand way. And we will have to give them clear consent.
- Companies will only be allowed to keep our data for the purpose that it was collected for and for as long as that purpose is being fulfilled.
- And if I, Daniela, wish for a company to delete any of my info, the opt-out and data removal process should be pretty straightforward.
- Companies will also have to have a plan of action to follow after a data breach, and will need to inform the ICO within 72 hours if one were to happen.
- Non-compliance could cost you dearly, as fines can go up to £20 million or 4% of your annual turnover (I bet you have heard about this though!).
...and what about Brexit?
Well, for starters, the UK won't officially leave the EU until the end of March 2019, and GDPR is happening way sooner than that.
But it doesn't really matter because you will have to be compliant as long as you hold EU personal data, wherever you are in the world. Also, the UK is implementing a new Data Protection Bill for post-Brexit UK, which will be largely the same as GDPR.
No easy out of this one…
So, here's our 2 cents...
The ICO has publicly spoken out against panicking, assuring companies that it will be looking to cooperate with them to ensure better practices and reiterating that it prefers "carrots over sticks", so don't start freaking out just yet.
In the meantime, some of the points covered in the real estate telling-off report of 2016 remain relevant today. Let's call it your data protection basics; you can find it here.
The ICO have also prepared a more general 12-step guide to prepare for GDPR.
And they have set up a phone helpline for smaller businesses, so if you are a small agency, don't fret, they'll answer your questions.
Here at giosg, we're feeling GDPR ready
We have been working with clients with high security requirements for quite a while, in particular within the banking and healthcare industries. As a result, we have already developed high-security features such as the ability to restrict access by IP address and to encrypt sensitive chat messages.
We are also in the process of getting our ISO 27001 certification, the leading international information security standard.
And our product teams are working tirelessly to ensure GDPR compliance for our existing clients, looking at what data is being stored and how, how to facilitate opt-outs, etc.
As the only live chat with AI-powered targeting, we have always believed that our products are best in class. Now we're happy to say that we can also give our clients (and prospective clients) some peace of mind in light of these new regulations, as we're confident we're leading the way in our industry in ensuring compliance.