If you retain email marketing lists, the General Data Protection Regulation (GDPR) will have a substantial impact on the way you do business. Whilst the two years until implementation are comforting, what must be accepted is that planning needs to start now. One of the key tools in this process is Privacy by Design (PbD).
I’m unable to discover who first came up with the phrase but they should be praised. It defines the system in three words. To put it less concisely, when working on new systems to comply with the GDPR it can be advantageous to start from scratch with PbD included in every decision.
The Information Commissioner’s Office has some suggestions which are applicable to email marketing and email marketing lists. These include:
1. When building systems for the storage of, and access to, personal data,
2. When developing policy and strategies where there are privacy implications, and
3. When using new systems such as data sharing.
Whilst this might seem a lot of effort, there are considerable benefits. The risks implicit in storing, using and especially sharing data can be lowered substantially using PbD. Further, should the worst happen and you are facing sanctions, the fact that you had systems in place, albeit obviously ineffective in some way, will be helpful mitigation.
You will also identify problems at an early stage, giving yourself time to remedy them without the threat of an impending deadline. There will probably be cost savings as well. Systems brought in at the initial stages are often simpler and more trustworthy. Bolt-on solutions can wobble free under pressure.
One system that can be of use in the design stages, and which will assist in PbD, is the Privacy Impact Assessment (PIA).
You might well have heard of PIAs. You might not have researched them as they have all the appearance of another process that will slow procedures. However, it is not as it seems.
PIAs are essentially tools. Used properly, they identify risks of breaches of privacy legislation at an early stage in any new process or change. By highlighting the risks, they allow you to change processes at a time when changes are easier to implement. They will point to systems that should be changed. The risk of harm to an individual and, by extension, to your company will be reduced. PIAs are very effective at increasing the efficiency and effectiveness of the handling of personal data.
The ICO suggests that PIAs will ‘reduce the resources necessary to conduct the assessment and spreads awareness of privacy throughout your organisation.’ It produces a guide on PIAs which explains them in detail and then goes on to give ways in which they can be used in a variety of organisations. You should read it. PIAs are integral to Privacy by Design.
The privacy and security of personal data held by companies is coming under increasing scrutiny by legislators. The public too is becoming more concerned about privacy and is aware of the legislation. Privacy by Design is an effective tool for those with email marketing lists in a world of increasing regulation and penalty.
See: https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf