
Are you ready for GDPR?

The European Union’s new General Data Protection Regulation (GDPR) has been a hot topic amongst business owners and service providers for several months now - and with good reason.

The regulations clamp down significantly on the ways in which you can collect data, and what you can use it for.
What’s more, the punishments for breaching data regulations or misusing customer data can be a fine of up to 4% of global annual turnover.

It’s therefore no exaggeration to say that you can’t afford to get on the wrong side of GDPR. Here’s what you need to be thinking about.

 

What does GDPR change?


The new legislation is attempting to ensure that businesses only collect personal data when absolutely required and with explicit consent.
Changes include:
  • A more comprehensive definition of ‘personal data’, which is likely to see previously exempt businesses now under the jurisdiction of the legislation
  • Requiring businesses to record proof of consent when a subject agrees to have their data collected
  • Statutory obligations for data processors as well as data controllers


Easy ways to get caught out by GDPR


Given how strict the rules are, and how extensive the punishments can be, you want to make sure that your business is on the right side of GDPR.

That could be easier said than done, however, as there are numerous practices used today that you might not even be aware would breach the legislation.

An obvious example is the way in which consent is collected and the data then used. Under GDPR, data can only be used for the purpose for which it was consented, a rule that is likely to wreak havoc with many companies’ email marketing strategies for starters.

Unfortunately, one of the pitfalls of preparing for GDPR could be…preparing for GDPR.

Earlier this year Flybe was fined £70,000 for breaking existing data protection rules in an attempt to ensure everyone on its mailing list still wanted to be there.

Obtaining this retrospective consent is important, as you need to be able to prove a data subject agreed to your marketing, but unfortunately for Flybe they also sent millions of emails checking for consent to people who had previously unsubscribed from their marketing.

Your privacy policy could be another source of contention, as the GDPR mandates that it be easy to read and explain clearly and concisely what data you’re collecting and why.

Considering many people copy a policy from another website and change some of the wording, or use a template, the chances are you may need a rewrite.

 

How to prepare for GDPR


There are lots of things to check, if not change, regarding your business practices before GDPR comes into force in around two months’ time.

You need to get started straight away if you want to ensure your business is fully compliant and that potentially expensive breaches are avoided.

Here’s a quick overview of everything you need to consider.
  • Audit your data – know what data you hold, how it was collected, and why
  • Review consent – if you can’t prove your subject consented, obtain it again
  • Update your systems – ensure that data protection is a core focus of all your documentation and system design
  • Ensure easy access for data subjects – make sure you have a system in place to follow when a subject asks to see the data you hold on them
  • Know how to spot a data breach – train yourself and your staff to avoid misuses of data and to spot breaches when they happen
  • Review your privacy notices – are they clear and concise?
  • Know when to do a risk assessment – are you processing high-risk data?
  • Understand whether your business needs a data protection officer (DPO)


Time is running out to prepare for GDPR


The worst-case scenario is that you need to make significant changes to your business practices, data collection and marketing to avoid falling foul of the latest regulations.

For that reason it’s crucial to make sure your business is GDPR compliant as soon as possible.

The effort involved in doing so will be far less inconvenient than the fines that can be levied for breaching the new regulations.

 
