Your GDPR Responsibilities
GDPR replaced the 1995 data protection law on the UK on 25th May 2018. It applies to any business that holds personal data in any way.
Every business is different and you need to assess your own data collection and storage practices, seek your own legal advice and ensure that your business is compliant with the GDPR by the deadline, 25th May 2018.
ClientsFirst GDPR compliance
We have worked through our own GDPR project plan and have followed the ‘Getting ready for the GDPR’ checklist hosted on the ICO website which you can see here.
Our project activities included (but were not limited to):
- Reviewing the data we hold as a business
- Documenting the lawful bases for processing this data
- Auditing and updating our terms and conditions and privacy policies
- Changing processes in line with the new GDPR requirements
- Training staff where appropriate on GDPR best practices
As an agency, our relationship with our clients is as a data processor. This means that ClientsFirst and our sub-processors are responsible for processing personal data on behalf of a data controller (your business).
Our sub-processors
We work with a number of sub-processors, such as Dotmailer, which affects our MailFirst clients specifically, that will also ensure compliance from a software perspective. Please note, it is the responsibility of yourselves to review data processes for the personal data held within this software.
Are you on track to be GDPR compliant?
As marketers, GDPR will have a big impact on how we approach our work, and yours. Many clients have come to us for advice to clarify whether their new processes would suffice in line with the new regulations. It’s important to reiterate that you must consult an attorney for advice on your interpretation of the GDPR data protection requirements and the accuracy of your understanding. We are happy to support you with putting processes in place, however, you are unable to rely on us to recommend a solution.
You may wish to refer to the ICO for guidance on your GDPR project. There is a checklist for Data Controllers which is designed to help you, as a data controller, assess your high level compliance with data protection legislation. This should highlight where you are up to with your journey and what you have got left to look into to make sure you are on track.
You will need to invest time and effort in order to be ready for GDPR – please take the time to prioritise this and get in touch with us if you require help in putting processes in place prior to the deadline. ClientsFirst will not be able to work with clients who cannot assure us that the data they store is GDPR compliant.
How we can help
To further assist in putting processes in place, you may wish to look at MailFirst Advanced Training which will take you through the additional features and functionality MailFirst has to offer, such as: double opt-in, segmentation & preference centres, to name but a few.
As well as your email marketing communications, ClientsFirst will also be able to assist with alterations to your other data entry points such as website contact forms, newsletter sign ups and landing page forms for any campaigns that you are currently running. Please get in touch with us to discuss your requirements and we will be happy to help.
Useful resources
What Is GDPR And How Will It Affect Professional Services Firms?
