
Only 9 months until GDPR. Are you ready for the EU’s new data protection laws?

PromoVeritas August 14, 2017

The General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018 and will bring a new, far stricter set of data protection regulations that will apply to any company seeking to trade in the UK or the EU. It also brings heavy new fines for breaches – up to €20 million or 4% of global turnover (whichever is greater!). Here is what you need to know to get your company ready for GDPR:

  1. What is personal data – data is now to be defined as anything that can identify a person. This is not just a name, address or telephone number; it can also be their social media accounts, IP addresses, internet history, location data, shopping habits and much more, especially when combined with other equally innocent-looking pieces of data.
  2. You are always responsible – whether you are the brand owner, an agency processing data on behalf of your client, a fulfilment company sending out direct mail, an international company based outside the EU or anything in between, if there is a breach, all of you are liable. This means you must review the policies of both your clients and your suppliers to ensure they are GDPR compliant and that all parties have strict contracts in place about how they use, collect or store consumer data.
  3. Consent – must be positive and freely given. This is the end of “opt out if you do not wish to receive” boxes. Consent should be in plain language, is for the time being only, not forever, and should clearly express what you will use the data for. If your data has not been gathered in this way, as most currently is not, then continuing to use this data, or possibly even just storing it, will be a breach post May 2018.
  4. Breaches – if you lose any data or suffer any other type of breach you now have just 72 hours to notify the ICO and those affected (clients, consumers, suppliers, staff etc.) by the breach. This could be the hardest part of GDPR, as it will require being able to spot or monitor breaches, as well as identify who they have affected, very quickly. With so much data still held on individual machines and no central access or register, it is important to introduce new policies on who can store data and where it can be stored in the future to avoid these risks.
  5. Right to Access and the Right to be forgotten – the need for a single company database is reinforced by the need to comply with these new consumer powers: the right to access my data (what do you hold on me and how are you using my data) and the right to be forgotten (I want you to delete my data from all your systems). For a company without a central database this will be almost impossible to comply with; there is always the risk of a rogue file on someone’s computer. For the future, you will need to have systems in place that track every piece of data and record where it is stored and how it is used.
  6. Privacy starts with internal policy – the new laws will affect every part of the business and so new policies may need to be in place before GDPR to correctly guide employees on their responsibilities. Although putting policies in place is one step towards protecting your liability, training and checking they are followed is the only sure way to stay compliant. A policy that isn’t followed isn’t a policy.
  7. The time to start was yesterday – the first draft of GDPR was published in May 2016, so “there has not been enough time” is no excuse.

PromoVeritas are experts in compliance. We have been working for 15 years to mitigate risk, provide understanding of the law and write policies that protect you from harm.

With GDPR in mind, we have put together a comprehensive set of services designed to help you to be both knowledgeable and compliant. They apply to anyone who obtains, stores or uses data, whether they are an agency, a brand, UK based or international.

Training – the best way to avoid breaches, and to minimise the punishment if one were to occur, is to show that you have taken steps to become GDPR compliant. The first of these is to train yourselves and your staff in what GDPR means for your business. We can provide a comprehensive look at how GDPR will affect your company, and options for becoming compliant. Lasting 3 to 4 hours, the training is suitable for marketing, data and legal staff and covers every aspect of the new laws.

Your offices – we can deliver the presentation, aimed exclusively at your business, to up to 20 people, and strongly advise that representatives from senior management, HR and Finance attend, as all of them will be affected.

Our offices – we run regular training sessions and webinars from our head office in North West London.

GDPR Road Map – this is a personalised report, compiled by one of our highly qualified consultants and involving a comprehensive review of your business and how you handle data. In a review typically lasting 3 days, we will look at your company’s current policies, how they are being followed, how they comply with GDPR, what gaps there might be and what your options are. We will leave you with a clear road map that you can action to move you towards GDPR compliance.

Policy Review – our in-house Legal team can write new data privacy contracts, service level agreements and all other policies and contracts to ensure you and your company are protected from suppliers, clients and staff.

BSI 10012 Certification – much of the work you do to get ready for GDPR will take you a long way towards BSI compliance as well. If you wish to get certified to BS10012, our consultants will conduct a pre-certification test to give you the best chance of passing, which you can also use to show you are ahead of the game.

Pre-GDPR review – Prior to the 25th May we can conduct a review of your policies and how they are being followed. Is everything ready for the new law and is all the data you use compliant?

To find out more about our GDPR services contact us on +44 203 325 6000 or email info@promoveritas.com
