General Data Protection Regulation (GDPR) in the UK

What is GDPR?

The General Data Protection Regulation (GDPR) is a new EU law on data protection.

When will it apply?

The GDPR will apply in the UK from the 25th of May 2018. The British government have confirmed that leaving the EU will not affect the commencement of GDPR.

Who does the GDPR apply to?

The GDPR applies to any organisation carrying out business within the EU. It also applies to any organisation outside the EU that offers goods or services to individuals in the European Union.

What are the Key Principles?

In the draft guidance, the ICO lists the main changes that email marketers will need to consider:

(i) Active opt-in: the GDPR makes it clear in the recitals that pre-ticked boxes are not a valid form of consent. Clear opt-in boxes should be used.

(ii) Unbundled: asking for consent should be separate from other terms and conditions so individuals are clear what they are consenting to. Consent should not be a pre-condition of signing up to a service unless it is necessary for that service.

(iii) Granular: where several different types of data processing may occur, allow for separate consent as much as possible. The ICO want organisations to be as granular as possible, which means giving consumers more control over what they’re consenting to.

(iv) Named: always tell individuals who your organisation is and name any third parties that the data will be shared with. The draft ICO guidance states that terms like ‘we will only share your data with other men's clothing retailers’ are not specific enough. The individual organisations the data will be shared with need to be named.

(v) Easy to withdraw: individuals should be able to withdraw their consent easily. Organisations must put in place simple and fast methods for withdrawing consent. Tell individuals about their right to withdraw consent.

(vi) Documented: maintain records of the consents you have. Record the following information: what the individual has consented to; what they were told at the time; and the method of consent.

ICO GDPR consent guidance

About Fraser Clark

I've been a professional developer for over 10 years. I've been consulting and developing websites & software for small businesses, multi-nationals & governments.

I'm an expert in WordPress, Drupal, Laravel & a whole host of other platforms.
