From 25 May 2018, GDPR enforcement starts – and for some companies, it will mean a lot of changes for how they can use customer data.

GDPR stands for the General Data Protection Regulation, a replacement for the Data Protections Act (1998). It’s a European Union regulation so it affects all companies who work and process data within the EU.

If you’re a business owner, it’s important you know what GDPR means for you, so you can work out if you need to make any changes to your processes.

What GDPR means for you

GDPR focuses on putting the customer first – making changes to the law to ensure companies meet higher data protection standards.

If you process customer data, you have a responsibility to handle this lawfully and fairly. Under GDPR, you also need to make sure that this is kept up-to-date and not kept for longer than is necessary.

So, if someone hasn’t been your customer for a long time, you might need to delete their data from your files.

There are also some changes to the ‘data subject access request’ (DSAR) process. This is when a person contacts a company and requests to receive all personal data a company holds on them. The time limit for a DSAR is now one month and companies must now provide this information for free.

You might also need to change how you record and manage your customers’ consenting to using their data. If you have permission from a customer to use their data for marketing purposes, make sure you can show this consent clearly.

If you want to read more about what GDPR means for you and your business, head to the Information Commissioner’s Office (ICO) website.

Why do we need GDPR?

GDPR was needed to bridge a gap from the Data Protections Act. That’s because in 1998, there was no social media and the internet was still developing.

Since then, technology has changed a lot, so the old Data Protection Act doesn’t provide customers with enough protection. GDPR is a data protection regulation for the internet age and it ensures that companies do the right thing by handling their customers’ data appropriately.