GDPR: Seven questions about personal data breaches

First up, some (sort of) good news. A recent global study conducted by the Ponemon Institute found that the average cost to a business of a data breach has declined 10% since 2016, to $3.62 million (£2.79m), or $141/£108 per lost or stolen record.

The not-so-good news is that this decline isn’t likely to continue once the forthcoming General Data Protection Regulation (GDPR) comes into force on May 25, 2018. This is not just because of the swingeing fines for transgressing GDPR (which can include failing to notify of a breach in time), but also because of the increased costs associated with managing the breach in a timely manner.

Topics: GDPR

GDPR: Four questions about data and 'legitimate interests'

On this date next year, the General Data Protection Regulation will have come into force across Europe and, even with Brexit on the horizon, in the UK, too.

Over the last few months we have covered some of the frequently asked questions about marketing consent, data subject rights and data profiling. This week we look at 'legitimate interests'.

Currently, the guidelines relating to what constitutes 'legitimate interests' can differ between EU countries. However, an independent advisory board suggests that the following assessment take place before any decision is made to process personal data:

Topics: GDPR Article

GDPR: Four questions about data profiling

We are a little over a year away from the launch of the General Data Protection Regulation (GDPR) on May 25, 2018. The countdown has begun.

As we have covered in previous GDPR articles, relating to consent and data subject rights, businesses (as a 'data controller' and/or 'data processor') must adhere to new legislation for the collection and use of personal customer data. However, we have yet to talk about an important area that many organizations will want to know more about: 'profiling', and its new definition.

Topics: GDPR Article

86% of marketers believe that they need to collect as much information as they can on their customers

Survey shows that, with less than a year until GDPR comes into effect, marketers still feel the need to hoard customer data

10 May 2017, BRISTOL, UK: Nearly 9 out of 10 (86%) UK and US marketers believe that for maximum success they need to collect as much information as possible on their customers. This is despite the fast approaching General Data Protection Regulation (GDPR), which encourages marketers to prioritise customer privacy over mass data collection.

Topics: Press Release News GDPR

The importance of ISO27001 compliance

Every week you’ll read a story about a company experiencing a data leak or breach, often with expensive repercussions. Needless to say, when it comes to the handling of business data, security and privacy are the watchwords.

With this in mind, you want the confidence that your ‘data processor’ (someone who processes data on behalf of a ‘data controller’ – i.e. you) has controls in place to manage the security of such a vital business asset. This assurance comes in the form of an information security standard, known as ISO27001.

Topics: News GDPR

GDPR: Seven questions about data subject rights

While the General Data Protection Regulation will bring many changes, more consistent, comprehensive protection of personal data rights is key to these reforms. Under existing laws, ‘data subjects’ (your customers) have:

  • The right to object to processing for direct marketing
  • The right to be forgotten (e.g. Google’s online search results)
  • The right to make Subject Access Requests (SARs)

However, under GDPR legislation, customers will still be able to object to processing for direct marketing, and the regulation also adds:

  • A right to object to automated processing (profiling) for legitimate interests
  • The right to be forgotten becomes ‘the right to erasure’, which enables customers to request that their personal data be erased ‘without undue delay’
  • Subject Access Requests must now be free of charge

To better understand their responsibilities, here are seven questions marketers should ask about GDPR, data subject rights and SARs:

Topics: GDPR Article

GDPR: Seven questions about marketing consent

Late in March 2017, the ICO reported that it had fined automaker Honda and airline Flybe a combined total of £83,000 ($104,000) for breaching data protection laws, for sending marketing emails to people without the appropriate consent.

These emails, although asking customers to update personal data and marketing preferences, fell foul of the rules as they were considered marketing communications sent to people who had opted out of such messages.

While this was an infringement of the existing Privacy and Electronic Communications Regulations (PECR), it can be seen as a taste of what’s to come under the forthcoming – and stricter – General Data Protection Regulation (GDPR) in May 2018.

Topics: GDPR Article

Government will implement GDPR in UK and new laws will remain post-Brexit

A recent parliamentary committee has confirmed that the UK will fully implement the EU General Data Protection Regulation on May 25, 2018, and a law that mirrors GDPR will remain, even in post-Brexit Britain.

Topics: News GDPR

UK Government confirms opt-in to GDPR data protection reforms

After several months of uncertainty, the Government has confirmed that the UK will be implementing the General Data Protection Regulation (GDPR). Speaking at the Culture, Media and Sports Committee on October 24, Secretary of State Karen Bradley MP said:

Topics: News GDPR

Does GDPR apply to organizations outside the EU?

For marketers outside of Europe (and a surprising number working within it) the General Data Protection Regulation (GDPR) remains something of a mystery. However, this significant update of data protection law is likely to have a noticeable impact across the world.

Topics: GDPR Article