GDPR - what you need to know

25 October 2017 by Ahmed Eltohamy

The new General Data Protection Regulation (GDPR) comes into force on 25th May 2018, but do you know how it will affect your membership management and how your members engage with you? What changes will you need to put in place within your Membership CRM database? Here are five things you should know.

 

#1 The UK’s decision to leave the EU will NOT affect the date of commencement or your need to adhere to the regulation

If you operate in the EU, regardless of whether you are based in or outside the area, you will need to comply. If you are a UK-only organisation and have no EU contact data, the advice is still to comply. If you’re subject to the Data Protection Act (DPA) 1998 then you will be subject to GDPR.

#2 As with the DPA, GDPR applies to personal data BUT this now includes online identifiers

Any online identifiers like cookies are now included so you need to provide the ability for contacts to opt into such activity and record the provision of consent. If you use Google Analytics then this includes you.

#3 You need to be able to prove on what basis you are ‘lawfully processing’ data

Consent is one option, and will be the most common method used. But there are two other options to consider… Do you need to process the data for the necessary performance of a contract? This is another option. Is it in the Data Controller’s legitimate interest? Beware of this one - the Information Commissioner’s Office (ICO) has already warned this will be hard to prove.

#4 Consent can be provided in a number of ways

The most common way will be ticking an opt-in box but it could be a Yes/No option; a preference dashboard; double opt-in; or volunteering information for a specific purpose. It is NOT pre-checked boxes or opting out. By the way, the ICO recommends refreshing consent every two years.

#5 You need to record the provision of consent against the contact record

Most probably in your Membership CRM system. Details need to include who consented (name, online username, session ID etc.); when consent was given; what the policy was at the time; and how consent was given.

 

It’s not long before GDPR comes into force - now’s the time to get your head around it all and develop an action plan.

You can get a lot of information on GDPR from the ICO website (such as the 12 Steps to Take Right Now) and from Microsoft (check out their GDPR Trust Centre). We are also here to help and advise. Call us on 0845 544 2043.