1) The new GDPR laws taking effect in May 2018 will give users more control over their personal data and require businesses to be more transparent in how they collect and use personal data. 2) All businesses that collect any personal data, whether small or large, will need to be compliant with GDPR by May 25, 2018. Non-compliance can result in fines of up to 20 million euros or 4% of global turnover. 3) Businesses need to audit what personal data they hold, where it was collected from, who they share it with, obtain user consent for data use, update their privacy policies and marketing practices, and be prepared to respond to data breaches within 72 hours to be compliant with

1. Redder
GDPR | General Data Protection

2. Our data protection laws were last updated in the 90s. With the vast
change in our online systems and how businesses process data
these are no longer fit for purpose.
New laws are being introduced to create transparency and give users
more control over the data businesses collect.
GDPR
Redder

3. Who will it affect?
All small and large businesses
processing any personal data.
Redder

4. You need to be ready by
25th May 2018
Redder

5. The cost of non-compliance
https://www.itgovernance.co.uk/data-protection/eu-gdpr-infographic
Fines up to
€20million or 4%
of global turnover
Compensation claims
for damages suffered
Reputational damage &
loss of customer trust
Redder

6. Things you need to know
about GDPR7
Redder

7. Be aware
Make sure your company understands GDPR and is ready for the
changes coming in May.
Moving forward it will be important that you understand what data
you have and where it’s coming from:
● What personal data do you hold?
● Where has it been collected from?
● Who do you share it with?
Think about building an information audit.
1
Redder

8. Be transparent2
GDPR Article 12 - transparent information, communication and
modalities for the exercise of the rights of the data subject.
Make no grey lines between you and your consumers. People do
business with other people they know, like, and trust.
Build trust by treating consumers data with respect and making your
objectives for the data clear.
Redder

9. Be in control of your data3
Users will now have the right:
● to be informed
● to access all their data
● to rectification
● to erasure
● to restrict processing
● to data portability
● to object
● not to be subject to automated decision-making including profiling.
This could become a lot to manage, so think about whether you actually need
all of the data you have and how you can easily manage handling all your data.
Redder

10. Data breaches4
If you have a breach of data you will now have 72 hours to report it.
The users who have had their data stolen would need to be told
and if it concerns people’s safety you would also need to report the
breach to the ICO.
GDPR means ramping up your security to the max and have a
system in place incase something happens.
Redder

11. User consent5
A big part of GDPR is the control users will have over
their data. You will no longer be able to buy data
from third party companies unless users have opted
into hearing from you.
To use the personal data, you will need to have
proof of consent from your users.
Users should be given a choice of what they do and
don’t subscribe to. A great example of this is the
Swimathon opt in page. Create transparency
between your business and your users.
Redder

12. Cookies & privacy policies6
If your cookies collect personal data from your users like location
or IP addresses you will now need to get users permission to use
these before they can track anything.
Your privacy policies will need to be simple, clear and written in
easy to understand language.
If you have different stages of data collection throughout the
website, this will need to be broken down and cannot all be put
into one privacy policy.
Redder

13. Marketing with GDPR7
Due to the restrictions of user consent,
targeted marketing will be harder and
methods such as email marketing will not
be as easy as it used to be.
Think ahead and get your marketing team
ready for the change with a plan of action!
Redder

14. What happens with the
data I already have?
Redder

15. The use of existing data
To keep the data you already have you will need to have proof
that person has given you permission to use it.
If you don’t currently have proof of this, you will have to get
users to re-opt in.
It’s not all bad! After this process you will have a list of people
who have GENUINE interest in your business and WANT to hear
from you.
Redder

16. You are responsible for your
business’s data
Redder

17. Data controllers
A data controller must be a ‘person’ recognised in law, that
is to say:
● individuals;
● organisations; and
● other corporate and unincorporated bodies of persons.
Redder

18. Data processors
Redder

19. Redder Clients New & Old
Past projects: Any previous clients of Redder are responsible for their own
data and their systems however, we are happy to help getting you GDPR
compliant.
New projects: Moving forwards Redder will be 100% compliant with GDPR and
will ensure all future projects with clients will also be GDPR compliant
Redder

20. Are you GDPR ready?
Redder