In less than one month’s time, on the 25 of May to be precise, the General Data Protection Regulation (GDPR) comes into effect and replaces the 1998 UK Data Protection Act. Like most people, I’ve been aware of GDPR for some time but haven’t really paid much attention to it…until now.
I’ve been attending workshops, reading trade press articles and scanning online blogs in order to “gen up” on the subject. The story this week of the horrendous data protection problems at the TSB has helped to demonstrate just how important an issue this is. If that isn’t enough to concentrate the mind, there is also that fact that organisations which are found to have seriously breached GDPR could be hit with fines of up to four per cent of their annual turnover.
So what difference will GDPR make to the way in which PR Consultants like me operate? In my case, the changes I will need to make will be fairly minor and seem to amount to little more than common sense.
Up until a year or so ago I used to email a weekly newsletter to a list of contacts and potential clients. At that time I simply compiled a mailing list and offered people the opportunity to opt out of it. Under GDPR I would now have to invite people to explicitly opt in to receiving that particular piece of communications from me.
As a consumer, GDPR should mean that my email inbox is less cluttered with unsolicited junk mail. It will also, hopefully, mean that the personal information on me which is held by a variety of organisations will be more secure.
The Information Commissioner’s Office has a great deal of general information on the issue which you can download from the ICO website. You can also get more sector specific information from relevant professional institutes; personally I found the National Union of Journalists and Chartered Institute of Public Relations websites to be useful and interesting.
GDPR may seem like a dry and boring subject, but I would strongly advise you not to ignore it.