New regulations around how a business collects and stores data come into force in May 2018. The General Data Protection Regulation (GDPR) will replace the Data Protection Act 1998 and means that businesses who wish to continue to store and process existing data after May 2018 must ensure they have the consent required by the GDPR. The new rules include a requirement to have opt-in consent. Tacit consent, the failure to un-tick a pre-ticked consent box, silence or default settings will not be consent for the purpose of the GDPR.
If consent is not in the right form and the data is used after 25 May 2018, businesses will be exposed to fines (increased by the GDPR to 4% of worldwide turnover or €20 million, whichever is greater) and the reputational damage which can flow from data abuse.
Big businesses are already undertaking “cleaning” operations to ensure any consents are 2018 compliant or are contacting the people on their databases to seek up-to-date consent. Whilst this can be seen as a burden, in fact this process makes a database compliant and relevant, and gives you the knowledge that the people on your database are happy to be contacted. As people become increasingly sensitive to the misuse of data, the cost of using non-compliant data is likely to be high, whether in management time spent dealing with complaints, reputational damage or the risk of fines imposed under the GDPR.