How to prepare for GDPR (and what if you don’t)
20 February 2018
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. These new requirements are a radical change to the existing obligations on companies regarding privacy and the processing of customer data.
What is GDPR?
The European Parliament adopted the GDPR in April 2016. The provisions reinforce data protection in line with contemporary concerns about personal information and apply to both EU member states and organisations outside the union when processing the data of citizens within it.
Once the GDPR is implemented, every organisation has to demonstrate that good data protection is a cornerstone of the business policy and practices.
What should you do?
The UK Information Commissioner's Office (ICO) published a straightforward guidance document with 12 steps to take to prepare for GDPR. The document offers a good overview of how organisations can prepare. You can find it here. We highly recommend that you read through this document in detail and seek legal counsel to make sure your garden centre follows the regulations. The ICO also published a self-assessment toolkit which will give guidance on which steps to follow first.
Please note that breaches could result in a fine of up to £18 million (€20 million) or four percent of worldwide revenue, whichever figure is higher.
What are we doing?
In the coming weeks, our management system will undergo multiple technical adjustments to be compliant with GDPR:
- Subscribing to newsletters will change: we will now record in which way people subscribe to a newsletter, including the explanatory notes.
- When somebody unsubscribes from a newsletter, we automatically delete the email address after six months.
- When you import data into the newsletter system, you are now obliged to register the source of the email addresses.
- Data entered in contact forms will be deleted after 24 months.
- You will be able to remove customers from the webshop system yourself.
As for the relationship between us and our customers: we will need an agreement between you and Garden Connect that authorises us to process data on your behalf. We have sent you an email with this data processing agreement. To continue using our services after the 25th of May, it is essential that we receive a signed copy of this agreement. Please contact us if you have not received this email.
How can we help?
To make life easier for you, we can perform a check on your website and/or webshop to see what is necessary to be compliant with the regulation. We are happy to tell you more about this website check; please send us an enquiry at email@example.com to receive more information.
If you require any further information, feel free to send us a message at firstname.lastname@example.org. Because the questions that could arise might have a legal context, we ask you to only use email for this so we can give a comprehensive answer if necessary.