MillerTech GDPR readiness statement
The upcoming General Data Protection Regulation (GDPR) legislation has implications for any organisation that works in the EU, has EU customers or holds data on EU citizens. GDPR is the most significant change to European Union (EU) privacy law in the last two decades. It imposes new rules on organisations including not- for -prof it establishments that offer goods and services to people in the EU.
Does it apply to my Organisation?
Yes and Brexit will not matter – the UK Government has confirmed that GDPR will apply in the UK. The UK will still be part of the EU at this time and needs to be recognised as a safe data haven.
How does this affect my CRM?
Data in your MillerTech system will already be well controlled and stored in such a way to take the first steps toward GDPR readiness. However, some changes will be needed to meet GDPR’s more stringent demands. For example, you need to check that consent is clearly sought and given when you collect information.
The GDPR is clear that individuals must be asked to opt in and it must be obvious that they are doing so – leaving check boxes blank or asking for agreement in a way that could be misunderstood is not acceptable. You will also need a process for reporting any data breaches within 72 hours, so you need to have the capability to flag them and take action in time.
How can MillerTech Help?
MillerTech’s systems have been supporting their clients’ Data Protection obligations for many years. MillerTech have since been reviewing the requirements from the ICO’s document to assess what current functionality needs to be enhanced and what new features we need to develop. The key areas we have started to promote are:
Collection and recording of data (e.g. Join Online form) to ensure clarity of wording, member is actively opting- in as well as the ability to withdraw consent.
We are also providing our clients the ability to record consent dates, manage unsubscribes and re-affirm communication preferences as well as obtain retrospective consent.
Subject Access Requests
Members will have the ability to download a summary Subject Access Request report from the member’s self -service area to see what personal data is being held about them. A more detailed Subject Access report can also be requested via this portal.
Members have the right to request for their personal data to be deleted when it’s no longer required. Many organisations still like to retain lapsed/cancel led membership records as it makes the re- joining process easier. This is one area we are currently reviewing to see how we can best support the right to be forgotten, whilst ensuring sensible controls are in place.
Contact our team to understand how GDPR may affect you and how we can help!
SPEAK TO ONE OF OUR EXPERTS ON