What is GDPR?
The General Data Protection Regulation (GDPR) [1] will apply in the UK from 25 May 2018 and will replace the 1998 Data Protection Act (DPA) [2]. If you are complying properly with the current law then you’re in good shape. However, there are new elements and some significant changes which will almost certainly lead to changes in how you handle data.
On the 16th of July 1998 I was celebrating my 22nd birthday, preparing for my imminent wedding and completely unaware that the Data Protection Act was being granted royal assent. Mobile phones were just starting to get popular, you used a modem to browse the internet and you were almost certainly not worried about protecting your personal data.
Fast forward 12 months to the summer of ‘99: I was settling in to a new job with a startup that had made a splash selling books over the internet. My first task at Amazon was collecting metrics from the access logs of the website so that we could understand user behaviour. (The relatively tiny number of employees were encouraged to browse Amazon on a separate server so that the logs didn’t get distorted by internal traffic patterns!)
Jump forward another 18 years and the personal data collected by organisations has grown and morphed beyond the wildest estimates. The Internet of Things (IoT), wearable tech and powerful mobile phones are putting data-collecting devices into our homes and cars, and on and inside our bodies.
New data collection abilities (audio, video, health & location) coupled with new advances in artificial intelligence & machine learning are bringing powerful new products and services into our lives.
Amazon have got a little more sophisticated since I scraped their logs: the recently launched Amazon Echo Look will help you decide what to wear but what else could it do with that data?
"With this data, Amazon won't be able to just sell you clothes or judge you. It could analyze if you're depressed or pregnant and much else. pic.twitter.com/irc0tLVce9" Zeynep Tufekci (@zeynep), April 26, 2017
Given the changes of the last 20 years it’s not surprising to see a major new piece of data protection legislation. GDPR will apply in the UK from May ‘18. (Although this is EU legislation, Brexit is not going to save you. [3]) GDPR moves the goal posts in a number of places, particularly around consent. Consent must be explicit and you will need to prove that consent was given.
You may not be collecting data from inside the human body but if you’ve got a mailing list or a membership database then GDPR will mean changes for you.
Is your CRM GDPR ready?
Sheep’s splendidly simple back-office solution helps not-for-profit organisations streamline their communication, membership, fundraising and event management activities.
- Awareness: Do the key decision makers within your organisation know this is coming? The rules are being tightened and they are being backed by tougher penalties.
- Information Audit:
  - What data are you holding?
  - Why do you have that data?
  - Where did you get the data?
  - What level of consent did that data come with?
- Get ahead with our GDPR reading list
Over the coming weeks and months we’ll explore in more detail what GDPR means for charities and membership organisations. We’ll look at the new right to be forgotten, explicit consent and portability rights, explain pseudonymisation, and return to the ongoing battle between double and single opt-in.
Disclaimer: I’m an entrepreneur and technologist, not a lawyer. However, I’d love to chat informally and talk through how Sheep might be able to help you manage your data.
Photo credit: helloquence.