How are WIDA ensuring GDPR compliance?
The General Data Protection Regulation (GDPR) came into force on 25th May 2018 and covers the processing and controlling of the collection, storage and use of personal data. GDPR is a very hot topic right now and we want to be clear about how our data and processes meet the new standard.
GDPR compliance is very important to us. We have already invested a lot of time and resource to get this right, and have been working in consultation with advisors throughout the process. Every individual within the business has a responsibility for our continued success and therefore everyone is fully immersed in our extensive GDPR compliance and training programme.
Our data collection and processing methods:
1- WIDA will use three lawful bases for processing personal data: legitimate interest, consent and contract. We have produced an unbiased legitimate interest assessment for each element of personally identifiable information that we process.
2- Our lawful bases will be stated in our privacy notice and will be made evident to everyone who gives their consent for WIDA to process their data. In practice, this means that we will continue to gain consent from industry professionals to pass on their email address as part of our project reports for our clients. We already record this in our database and will continue to do so.
3- We work closely with members of the Direct Marketing Association (DMA) who provide best-practice marketing guidance underpinned by a code that puts the customer at the heart of everything they do.
4- Our fully audited GDPR compliance documentation is available to view on request.
What does this mean for our clients?
You can continue to use our data to support your sales and marketing activities, as long as you adhere to GDPR regarding the collection, storage and use of personal data within your own business. We recommend that you take independent advice to ensure that you comply. Using personal data for the purposes of electronic marketing communications continues to be covered by the Privacy and Electronic Communications Regulations 2003.
1- We have audited every process within the business to ensure we are compliant with GDPR. As such we have revised processes and procedures where necessary so that as a business everyone understands their role in ensuring compliance with GDPR. It should be noted that GDPR relates solely to personal data, meaning a lot of existing processes remain unchanged.
2- The data that we supplied prior to 25th May 2018 adhered to the existing Data Protection Act (DPA) and the data we collect after 25th May 2018 will adhere to GDPR. GDPR does not mean you cannot process personal data, and the vast majority of the data we collect will remain unchanged.
3- The Information Commissioner’s Office (ICO) does state that contact names are personal data; however, you are still able to process personal data as long as you have a lawful basis for doing so. Our lawful bases allow us to continue to hold and process contact names.
4- The data we supply to you remains the same. However, it is your responsibility to comply with GDPR for collection, storage and use of personal data within your business. Remember that under GDPR you are now the data controller and you now have to give data subjects enhanced rights around their personal data. You must also comply with existing regulations such as PECR. It also remains your responsibility to adhere to our contracted terms and conditions.
5- Once you have processed data and imported it into your CRM or equivalent, under GDPR this means you are now the data controller. It is therefore your responsibility to comply with GDPR with regard to the data that you already hold. Consent gained prior to 25th May 2018 has been obtained under existing DPA regulations and is something you must be aware of. We will be refreshing our consent with individuals as an ongoing process, something we already do as “best practice” to comply with DPA, and something we will continue to do to comply with GDPR.