The basics of GDPRSo what is all the fuss about and how is the new law so various to the data protection directive that it replaces?The first important distinction is one of scope. GDPR goes beyond safeguarding against the misuse of personal information such as e-mail addresses and telephone numbers. The Regulation applies to any form of personal data that could determine an EU citizen, such as user names and IP addresses. Furthermore, there is no distinction in between information held on an person in a business or personal capacity – it is all classified as personal data identifying an individual and is consequently covered by the new Regulation.Secondly, GDPR does away with the comfort of the “opt-out” currently enjoyed by numerous companies. Instead, applying the strictest of interpretations, utilizing personal data of an EU citizen, demands that such consent be freely offered, particular, informed and unambiguous. It requires a good indication of agreement – it cannot be inferred from silence, pre-ticked boxes or inactivity.It is this scope, coupled with the strict interpretation that has had marketing and company leaders alike in such a fluster. And rightly so. Not only will the company need to be compliant with the new law, it may, if challenged, be required to demonstrate this compliance. To make issues even much more tough, the law will apply not just to newly acquired information post Might 2018, but also to that already held. So if you have a database of contacts, to whom you have freely marketed in the past, without their express consent, even giving the person an option to opt-out, whether or not now or previously, will not cover it.Consent requirements to be gathered for the actions you intend to take. Obtaining consent just to USE the data, in any type won’t be adequate. Any list of contacts you have or intend to purchase from a third celebration vendor could consequently turn out to be obsolete. With out the consent from the people listed for your business to use their information for the action you had intended, you will not be able to make use of the data.But it is not all as bad as it seems. At initial glance, GDPR looks like it could choke company, especially online media. But that is truly not the intention. From a B2C viewpoint, there could be fairly a mountain to climb, as in most instances, companies will be reliant on gathering consent. However, there are two other mechanisms by which use of the information can be legal, which in some cases will support B2C actions, and will almost certainly cover most locations of B2B activity.”Contractual necessity” will stay a lawful basis for processing personal data under GDPR. This indicates that if it is required that the individual’s data is utilized to fulfil a contractual obligation with them or take steps at their request to enter into a contractual agreement, no additional consent will be required. In layman’s terms then, using a person’s get in touch with particulars to generate a contract and fulfil it is permissible.There is also the route of the “reputable interests” mechanism, which remains a lawful basis for processing personal information. Please contact us if you want to find out more about gdpr practitioner training london.