2nd February 2018
12th May 2017
30th March 2017
By Ashlee Omeara
The following article is designed to provide an;
The General Data Protection Regulation (GDPR) is a new comprehensive data protection law in the EU that updates existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.
The GDPR regulates the “processing,” which includes the collection, storage, transfer or use, of personal data about EU individuals. Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently.
The GDPR takes effect on May 25, 2018.
No. The GDPR requires that if the personal data of European residents is exported outside of Europe, then that personal data must be adequately protected. Companies are already required to take these steps under existing law.
The General Data Protection Regulation (GDPR) increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.
Since every business is different and the GDPR takes a risk-based approach to data protection, companies should assess their own data collection and storage practices (including the ways they use ROLLER software) and seek their own legal advice to ensure that their business practices comply with the GDPR. In determining your next steps, here are twelve guidance points provided by regulators within Europe:
You should make sure that decision-makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments and work out how and when to implement them in your organisation.
You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.
If your organisation operates in more than one EU member state (i.e. you carry out cross-border processing), you should determine your lead data protection supervisory authority.
ROLLER welcomes the GDPR as an important step forward in streamlining data protection requirements across the EU and as an opportunity for ROLLER to deepen our commitment to data protection. Similar to existing legal requirements, compliance with the GDPR requires a partnership between ROLLER and our customers in their use of our services. ROLLER will comply with the GDPR in the delivery of our service to our customers. We are also dedicated to helping our customers comply with the GDPR. We have closely analyzed the requirements of the GDPR and are working to make enhancements to our products, contracts, and documentation to help support Roller’s and our customers’ compliance with the GDPR.
Though we are continuing to work through a number of enhancements, ROLLER has appointed a Data Protection Officer and appointed a local representative in the UK to oversee the implementation of these enhancements. We have also implemented technical and organizational measures to;
Although ROLLER can’t make companies fully compliant on its own, many GDPR-friendly features are already available as part of the ROLLER software.
Under GDPR, a contact needs to be informed that their data will be stored and used by a company when they’re submitting it. Consent will need to be “freely given, specific, informed, and unambiguous,” with companies using “clear and plain” legal language that is “clearly distinguishable from other matters.”
Since ROLLER helps you create your own forms and add whatever text you wish, you already have the tools you need to inform your prospects on how you plan to use, store, and process their data and of their right to withdraw consent, all of which will help you meet your GDPR consent obligations.
Here’s how to enable an “Accepting Marketing” opt-in on your ROLLER platform.
Please note, if you are using Forms as a standalone process, you will need to create a checkbox similar to the Accepting Marketing message in the check out flow.
Double opt-in is a procedure that allows visitors who fill out a form to confirm they want to receive communications from you. The GDPR is silent on whether this form of consent is required, and unless guidance to the contrary is issued by the EU or our supervisory authority, our view is that this is not mandatory under the GDPR.
That said, many businesses will prefer to use ‘double opt-in’ as an additional protective measure, since it obtains confirmed consent from the specific individual who owns the email address. Like most email database programs, ROLLER provides double opt-in as part of our ROLLER Mail module.
Once enabled, the double opt-in feature sends an opt-in request email to all contacts who join your mailing list for the first time. To activate this on your ROLLER Mail account, please follow these steps for each list:
To edit an existing list to have Confirmed opt-in, please follow these steps (but please note this will only trigger for new emails added to the list not pre-existing emails):
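The confirmed opt-in flow described above, as an added illustration that is not ROLLER’s own code: a new subscriber is held in a pending state until they click a confirmation link, and enabling the feature on an existing list leaves pre-existing addresses untouched. The confirmation token is an HMAC-signed value with a 48-hour lifetime; the signing key, the lifetime and all addresses are constructed assumptions for the demo, not values from ROLLER Mail.

```python
import hmac
import hashlib
import time
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed demo key: a real deployment loads this from a secrets store.
SECRET_KEY = b"constructed-demo-secret"
# Assumption: a confirmation link stays valid for 48 hours.
TOKEN_TTL_SECONDS = 48 * 60 * 60


@dataclass
class Subscriber:
    email: str
    status: str  # "pending" until the confirmation link is used, then "confirmed"
    added_at: float


class MailingList:
    """A mailing list that can optionally require confirmed (double) opt-in."""

    def __init__(self, double_opt_in: bool = False, secret: bytes = SECRET_KEY):
        self.double_opt_in = double_opt_in
        self.secret = secret
        self.subscribers: Dict[str, Subscriber] = {}

    def _sign(self, payload: str) -> str:
        # HMAC-SHA256 over the payload so a token cannot be forged or altered.
        return hmac.new(self.secret, payload.encode(), hashlib.sha256).hexdigest()

    def make_token(self, email: str, issued_at: float) -> str:
        payload = f"{email}|{int(issued_at)}"
        return f"{payload}|{self._sign(payload)}"

    def subscribe(self, email: str, now: Optional[float] = None) -> Optional[str]:
        """Add an address. Returns the confirmation token to email out when
        double opt-in is on (None when the address is already listed or
        double opt-in is off)."""
        now = time.time() if now is None else now
        email = email.strip().lower()
        if email in self.subscribers:
            return None  # already on the list; do not re-send anything
        if not self.double_opt_in:
            self.subscribers[email] = Subscriber(email, "confirmed", now)
            return None
        self.subscribers[email] = Subscriber(email, "pending", now)
        return self.make_token(email, now)

    def confirm(self, token: str, now: Optional[float] = None) -> bool:
        """Validate a confirmation token; returns True only on first valid use."""
        now = time.time() if now is None else now
        try:
            email, issued_str, sig = token.split("|")
            issued_at = int(issued_str)
        except ValueError:
            return False  # malformed token
        payload = f"{email}|{issued_at}"
        if not hmac.compare_digest(self._sign(payload), sig):
            return False  # signature mismatch: tampered or forged
        if now - issued_at > TOKEN_TTL_SECONDS:
            return False  # link expired
        sub = self.subscribers.get(email)
        if sub is None or sub.status != "pending":
            return False  # unknown address or token already used
        sub.status = "confirmed"
        return True

    def recipients(self) -> List[str]:
        """Only confirmed addresses ever receive a campaign."""
        return sorted(e for e, s in self.subscribers.items() if s.status == "confirmed")


if __name__ == "__main__":
    lst = MailingList(double_opt_in=True)
    token = lst.subscribe("alice@example.com")  # constructed address
    print("pending, recipients:", lst.recipients())
    print("confirmed:", lst.confirm(token), "recipients:", lst.recipients())
```

Note that `recipients()` is what a campaign send should consult, so an address that never confirms is never mailed; the constant-time `compare_digest` and the expiry check are the two things most often missing from home-grown confirmation links.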
Individuals have always had the right to request access to their data, but the GDPR enhances these rights. The timescale for processing an access request will also drop significantly from the current 40-day period.
ROLLER is working on functionality to ensure the service is fully GDPR compliant by the May 2018 deadline. That said, ROLLER software already lets you export data from a person’s contact record from your ROLLER portal in a user-friendly format. It’s as simple as searching for the person’s contact record and then taking the desired action. The whole process takes seconds.
This will assist customers in complying with a contact’s request for a copy of their data, either to move to another provider or to check what personal data you hold about them in your ROLLER account.
Under the current legislation, individuals already have the right to ask you to modify or update data you hold on them in your systems (for example if they change email address). This will not change under the GDPR, but as we know, the penalties for breach under the GDPR are more severe.
Follow this step-by-step process to learn how to edit the information on any Customer Record:
When you send emails to prospects and customers using ROLLER Mail, they include an unsubscribe button, which allows customers to easily let you know that they want to withdraw consent to receiving marketing emails from you. This feature also helps companies comply with the EU E-Privacy legislation governing direct marketing.
Additionally, our email preferences functionality allows customers and prospects to choose which categories of email they want to receive.
By default, unsubscribing from any list removes the customer from the entire database. If you would like to change this setting for certain lists, please follow the steps below:
As you can see, there are many GDPR-friendly features you can use on your path to being compliant. This new legal outlook is also a great opportunity to revise how you may be approaching end customers and what you can do to treat these relationships with the highest care.
The following regulators within the European Union have provided specific guidance on the GDPR:
This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this paper as legal advice, nor as a recommendation of any particular legal understanding.