This article was updated on 25 April 2018
Real Business was joined by James Castro-Edwards, a data protection expert and a partner on the data protection team at law firm Wedlake Bell.
He advised company owners on the measures required during the crucial last few months before the EU’s General Data Protection Regulations (GDPR) come into effect on 25 May.
Castro-Edwards kicked off the webinar with a 20-minute presentation on all things GDPR-related, including a background on the legal concepts behind the rules, the new principles behind GDPR and the changes that most business will be required to make.
Catch the webinar coverage in full below
He reassured business owners by stating that GDPR was “more of an evolution than a revolution” of existing data protection laws, and that any business that was already compliant with these would be in good shape ahead of GDPR coming into force.
Castro-Edwards clarified the legal obligations of businesses when using people’s personal information, and how they are to broaden under GDPR.
He said: “It’s very important that as an organisation, you understand exactly what your customers’ rights are, and that you uphold them. For example, if you’re holding someone’s personal data and they ask for it to be deleted, make sure your business has the processes in place to manage those requests.”
The presentation was followed by a lively Q&A session between Castro-Edwards and members of Real Business’s webinar audience. Regarding the use of personal information under GDPR rules, one viewer asked: “If someone hands you a business card at a networking event, does this automatically mean they give you permission to contact them directly?”
Castro-Edwards replied: “It all depends on what the expectations are of that individual. GDPR requires consent of the individual to then sell products and services to them. You’d need a positive affirmation from the data subject to use their information, requiring that subject to take action.
“The consent should be specific and explicit. Strictly speaking, there are quite a few hoops you need to jump through before you can start sending marketing material to people who hand you their business card at trade shows.”
One month until GDPR: Don’t be daunted by data
With just one month to go until 25 May’s GDPR deadline, small business owners should keep in mind the positive changes that the new data protection laws are designed to usher in.
Rather than view GDPR as potential hurdle for their business, owners should be encouraged by the collective impetus to improve the overall use of data, and excited about the associated benefits of better data.
As Mark Woodhams, EMEA managing director at NetSuite, told Real Business earlier this month: “GDPR should be seen as an opportunity to get the house in order and create operational efficiencies that will help businesses remain competitive and continue to grow in the future.”
“We’re only at the beginning of the data regulation journey. As the use of data continues to expand, it’s becoming more unsustainable for small businesses to put off incorporating data into day-to-day business processes. Those that are hesitant will at best miss out on growth, and worst may struggle to survive.”
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
