GDPR is a compulsory requirement for any business handling personal data which relates to living EU citizens. To clarify, GDPR documentation refers to ‘personal data’ as being “any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location number, an online identifier [email, IP address, mobile device ID, etc.] or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”1
Understanding how the GDPR defines ‘personal data’ is vital for every business. A business email address that contains a personal name, such as firstname.lastname@example.org, meets the definition of personal data because it has an individual’s name in it. As such, a business will need to understand on what basis it is processing this data.
Further, how will businesses approach ‘consent’ should an existing client not renew their business? Traditionally, the broker will view this ‘lost’ client as a new prospect for the future. But how will they ensure they have ‘affirmative consent’ to continue to market their services to a client they no longer hold?
GDPR is a golden opportunity to review the information you hold and embed solid GDPR policies and procedures. If done correctly, these changes will not only ensure that your business is compliant, but they also have the capacity to deliver commercial gains for your business.