General Data Protection Regulations (GDPR)
For a while, I thought GDPR was the latest work-related dance banter craze for teams, like early morning porridge networking, silent discos or business ping pong tournaments for charity, such was the ferocity of the invites we received to attend events based on it earlier in the year.
But my relief at realising that it had nothing to do with 7:30am breakfast networking was tempered by the fact that GDPR is actually one of the most important new legislation things that we’ll be facing in 2018, and beyond, as a business. Admin with the weirdness of potentially enormous fines, for a gaggle of storytellers, is a major bummer.
We, like many other businesses in our industry, hold a lot of contact information (generally email addresses, and not personal profiling data like that lot) – from mailing lists of people that get our newsletter, and clients newsletters whose data we help to manage for them, to lists of people who have attended our events, buy our magazines and books, and people who have given us business cards over the years when we’ve been at early morning porridge networking silent discos or pizza pong tournaments. All this data sits neatly in databases behind password protected screens and a good proportion of it gets the odd email filled with the most interesting news of our time, beautifully designed and with nice pictures of work we’ve done and nice stock photography from Unsplash and the like.
But the Information Commissioners Office (ICO), those nice folks who you complain to when you get Bitcoin or Viagra emails, have rightly decided that unless people have actively opted in to receive your electronic communications, and you can prove that they have, that you’re leaving yourself open to fines of either €10m or 2% of your turnover (whichever is larger) and a maximum of €20 million or 4% of your turnover (whichever is larger), if somebody complains or they decide to indiscriminately drop in and check your weird SEO emails and database of scraped data from Facebook.
The regulations land proper on 25 May this year and if you google GDPR then you’ll find several thousand blogs with information about what it is, why it’s important and what you need to do to comply. And it genuinely is important. But our advice is to check in with the ICO themselves who are both the sheriffs of this new world and the ones to best advise you how to not get shot with the €10m six-shooter. The following link has most of the information you’ll need but you’ll get them on the phone to answer specific questions about your business, too.
So, there it is, and we’ll not be seeing you anytime soon at a sunrise silent disco for some business card swapping. And even if we did, we won’t be taking your card anymore because you could be a spy for the ICO for all we know, and GDPR is important.
On a final note, if you enjoy reading our newsletter and want to keep receiving it after May then you’ll need to resubscribe here.