Ensuring that the personal data you hold is only being used in ways which the individual is aware of, has approved and that it is being stored securely, should help prevent you falling foul of the new regulations. 1. Identify your Data Controllers and Data Processors A “data controller” is any organisation that holds personal data about EU citizens (e.g. your customers’ names, etc.). A “data processor” is an organisation involved in processing & storing that information on the controller’s behalf. Under GDPR, both controllers and processors can be held liable if there is a data breach and so both need to adhere by the regulation. 2. Explicit & Active Opt-Ins Under GDPR, customers must explicitly opt-in to having their details stored and understand what they are being used for. Under the new regulations, consent is now also defined to require an obvious and positive action to opt-in. For example, enquiry forms with a checkbox to receive a newsletter should be unticked by default, assuming that unless the user selects this they do not wish to opt in. Get the full story at 80 DAYS