GDPR is new legislation that will apply automatically and become part of UK law from May 25th, 2018. It will impact any UK organisation that uses personal data from EU citizens, and it affects the way organisations handle, collect and store data in the following key areas:
Unbundled – consent request must be separate from all other terms.
Active opt-in – pre-ticked boxes are no longer valid; clear opt-in boxes are needed.
Granular – more control given to consumers about what they’re consenting to.
Named – state who your organisation is and list any third parties the data will be shared with.
Documented – maintain detailed records of consent (what was consented to, method of consent, etc.).
Easy consent withdrawal – organisations must implement easy, quick methods for consent withdrawal and inform individuals of their rights.
Freely given – consent must always be given freely.
Consequences – failure to comply with GDPR legislation puts your organisation at risk of being fined 4% of turnover or €20M, whichever is higher.