The General Data Protection Regulation (GDPR) is a hot topic at the forefront of marketers minds around the world. It prescribes new rules for collecting and using personal data of individual EU citizens.
Personal data can be broadly classified as any information relating to an identifiable individual, including, but not limited to:
One of the main objectives of the GDPR is to improve the privacy protections that apply to the personal data of European citizens. This includes new rules, such as:
Who does the GDPR apply to?
The GDPR applies to any organisation established in the European Union that is processing personal data.
It also applies to any organisation that offers goods or services to, or monitors the behaviour of, EU citizens, regardless of whether the organisation has a presence in the European Union or whether the processing is conducted within the European Union.
For many New Zealand based customers, it may not necessarily be the case that GDPR applies to your entire business, and we encourage you to take legal advice on that point.
Where to start?
Once you have worked out how GDPR might apply to your organisation, a good place to start is often to improve your privacy baseline:
Consumers are increasingly concerned around their data and how it’s being used. Taking these steps can provide wider benefits to your organization, even if you are only likely to be subject to GDPR in limited circumstances.
New Zealand itself is currently in the process of passing a new Privacy Bill which will include strengthened enforcement powers for the Privacy Commissioner and mandatory breach reporting. Being compliant with New Zealand Privacy legislation is a good step to improving your overall privacy baseline, and aligning these to what may be required under the GDPR.
How to collect consent?
Under the GDPR, an organisation must be able to justify each type of data processing activity it conducts. One way of doing that (but not the only way) is by gaining the individual’s consent.
GDPR sets high standards for obtaining consent. For marketing purposes an individual must have the opportunity to make the actual choice to provide consent - the opt-in should be clear and require direct action by the individual.
How does Qrious protect data?
At Qrious we understand the importance of aligning our data security approach with industry benchmarks.
Qrious uses a number of data security practices to protect personal information. Currently these include:
For more information on how to prepare for the GDPR watch our webinar presented by Qrious CEO Nathalie Morris and Senior Legal Counsel Ben Winslade.
Legal Disclaimer: The information in this guide does not constitute legal advice. This is for informational purposes only, and we strongly encourage you to seek independent legal counsel to understand how your organisation needs to comply with the GDPR.