As many of you will be aware, the European Union’s upcoming General Data Protection Regulation (GDPR) will come into effect on 25th May 2018, with some calling this the biggest change to data regulation since the UK’s Data Protection Act of 1998. With large penalties outlined for companies that fail to comply with the new regulations (the larger of either 4% of a company’s annual global turnover or €20 million), it is important that manufacturing companies change their current data handling processes. This article will outline the changes manufacturers will need to carry out to prepare for the upcoming GDPR changes. However, Conception Marketing is not a legal expert, and anything included in this article should not be taken as legal advice.
Changes Manufacturers Will Need to Make
As manufacturing companies have grown in the modern age, the amount of data they need to collect has also increased. Most of this data will now be regulated by GDPR, including employee information, supplier details, business partner contacts and customer data.
Below are a few areas that will need to be reviewed and improved to comply with the new regulations before the May 25th deadline:
As previously mentioned, manufacturing companies collect and store a large amount of what is outlined in GDPR as ‘personal data’. Personal data covers a broad range of information; some examples include contact name, email address, phone number, IP address and mailing address. With GDPR it is now a legal requirement to gain consent when collecting personal data. Companies must also outline why they have collected this data, how they will use it and how long they plan to store it. During GDPR audits, a manufacturer will need to be able to prove that data being stored is relevant and explain the proposed use of the data.
In order to comply with GDPR, the Information Commissioner’s Office (ICO) has provided the following guidelines on how personal data should be handled:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures
GDPR states it is the responsibility of a manufacturer to protect any data it collects. As outlined in the ICO’s recommendations, data must be “processed in a manner that ensures appropriate security”, with companies expected to be able to outline the precautions taken to ensure that data is stored correctly and safely. In the event of a data breach, a company must notify the supervisory authority within 72 hours of the breach. If it is found that a company that has been hacked hadn’t outlined correct data security processes, it will be liable for additional fines. Systems will also need to be put in place for transferring data; all data will need to be transferred in password-protected documents or encrypted files, not through standard emails or text messages.
Personal Data Rights
The main focus of GDPR is to put the ownership of personal data back in the hands of the user, allowing individuals the ability to control who contacts them and why. The main benefit of GDPR to an individual is the ability to request that their personal data be modified, restricted, or fully erased. For example, a recipient of an email newsletter can request not only that their email address be removed from a database, but that all of their personal data be removed. For manufacturers, if a customer asks for their information to be erased, this must be processed and documented in the event of an audit. This also extends to employee data; it is recommended that HR teams create in-depth systems for processing data.
Although GDPR only covers the use of personal data from individuals within the European Union, it will have repercussions internationally. For non-EU countries, the regulations surrounding the use of personal data for EU citizens will still need to be enforced, with the same penalties expected for those who fail to comply.
If you would like more information on how your manufacturing company can prepare for GDPR, visit the ICO’s website here.
Conception Marketing is a marketing agency that specialises in working with SMEs within the manufacturing and engineering sectors. Conception offers a range of both online and offline marketing services to help increase brand awareness and help your business succeed and grow. Conception Marketing is always available to offer marketing support and advice in creating and delivering bespoke marketing strategies to promote your business objectives.
Based in Trafford Park, Manchester, Conception Marketing offers a range of online marketing services including website design and management, email marketing campaigns, social media management and website search engine optimisation. Conception Marketing also offers offline services ranging from exhibition stand design and management to product brochure design and production. With extensive knowledge in the manufacturing and engineering sectors, Conception Marketing has become established as a market leader for marketing in the North West.
If you would like assistance in preparing for GDPR, contact a member of our team here or call on 0161 875 2480.