We took a hands-on approach to the forthcoming implementation of the General Data Protection Regulation (GDPR) with one of our larger client organisations. The GDPR will apply in the UK from the 25th May 2018. It is aimed at updating current data protection legislation, taking into account new technologies. There are some key changes, particularly for companies who market to customers electronically. All businesses with marketing databases who email and text customers need to ensure new obligations under the GDPR are satisfied.
We met with the senior management team and carried out an in-depth audit of current data protection policies, looking at where customer data was stored, how it was used and where it was sent.
With a task force of managers, we drafted a new privacy notice, supplier terms and updated existing terms and conditions of sale and supply. We advised on the use of historic marketing data and how to ensure that was GDPR compliant going forward.
We updated operating systems so that customer-facing employees were prompted with GDPR compliant wording when obtaining personal data from customers.
We developed a new employee data protection policy and relevant GDPR compliant clauses for employment contracts.
The organisation is now set for next year’s GDPR implementation!