This is GDPR for Dummies 2022: the ultimate guide for Scotland and England. Oh, and written in layman’s terms.
Have you ever wondered what GDPR is or why it applies to your website?
This GDPR summary, GDPR plan and GDPR compliance checklist are written by experts and Cyber Essentials accreditors.
Watch this video on YouTube here: GDPR Made Easy 2022
General Data Protection Regulation in Scotland and England.
You’re probably wondering “why do I need a GDPR compliance checklist?” Or you may have questioned whether there’s any justification for the hype surrounding the General Data Protection Regulation.
Look, I get it…
You already have a to-do list.
And even when you finish everything on it, you still feel like you haven’t accomplished anything meaningful.
So the idea of wasting your time on yet another “useful”, “profound” or “GDPR made easy” checklist will most likely give you the willies.
In business, time is a commodity and a valuable one at that. Everyone wants more of it and sometimes managing the time you do have is overwhelming.
Between the responsibilities of running a business, managing relationships with clients and personal well-being, there seems to be very little time to do anything else.
So when you first heard about GDPR compliance, you can be forgiven for having the initial reaction of “it sounds too technical for me”, “I don’t have time for it” or “maybe I’ll get around to GDPR someday”.
You might be delighted to learn that you’re not alone. It’s expected that more than 81% of all businesses in the UK will not be GDPR compliant in time for the legislation being enforced in May 2018.
This statistic may appear to be justification for delaying GDPR compliance.
However, have you ever considered that perhaps the reason you’re stalling is that you’re a little confused about GDPR and the consequences it may have for your business?
After all, one of the hottest topics circling GDPR in 2022 is that if EU citizen data is breached online, then your business may be fined 20 million Euros or 4% of your global turnover (whichever happens to be more).
Therefore, it’s easy for you to surmise that GDPR equals the “death of your business” and ultimately the death of one of the most important things in your life.
Nobody has time for that.
But if GDPR exists to protect EU citizens from cybercriminals or businesses mistreating their personally identifiable information, then is GDPR a bad thing?
Imagine for a moment that your personal information was stolen and abused by others.
How would you feel?
Would you feel angry, victimised and perhaps a little scared about what a stranger may or may not be doing with it?
Therefore, if you hold the general opinion that data protection matters and is a positive step towards creating lasting change to benefit an online society then your customers and clients must also have the same opinion as you do.
And when your business is GDPR compliant, customer satisfaction will be at an all-time high.
Best of all, 81% of your competitors will not be GDPR compliant by 2022.
This means that GDPR compliance gives you the unique selling point that other companies can’t offer their customers.
Therefore, if your company is General Data Protection Regulation compliant, then you’ll have a penalty-free business that retains customers and attracts new business.
So, the only question you really need to ask yourself is this: “how much is GDPR compliance worth to me?”
Stop procrastinating and start achieving more with the General Data Protection Regulation.
GDPR for Dummies 2022: GDPR compliance. What is it?
So, GDPR compliance, what is it and why does it apply to Scotland and the UK?
Well, GDPR (General Data Protection Regulation) is new legislation that replaces the Data Protection Directive.
It became enforceable on May 25th 2018 and was developed by the Council of the European Union, the European Parliament, and the European Commission with the aims of:
- strengthening and unifying data protection for all EU citizens;
- giving back control over personal data to EU citizens and residents;
- creating new “digital rights” for EU citizens;
- simplifying and unifying regulation within the EU;
- making it easier for non-EU countries to comply with its regulations.
Unlike a directive, the General Data Protection Regulation does not require national governments to pass any enabling legislation and thus is directly binding and applicable to any business that stores EU citizen data (even if the data is not collected or stored on a server located in the EU).
A single set of rules will apply to all EU member states.
Each member state will establish an independent Supervisory Authority (SA) to hear and investigate complaints, impose sanctions and deal with administrative offences.
Should a business have multiple establishments in the EU, it will have a single SA as its “lead authority”.
While GDPR makes it easier for nations outwith the European Union to comply with the new legislation, there will be steeper financial consequences if a company’s online security is breached and its data is leaked online.
This penalty will be up to 20 million Euros or 4% of global turnover (whichever is greater).
If there’s ever been a good reason to pay close attention to the article entitled GDPR for Dummies 2022, then it has to be how penalties can potentially ruin your business and everything you’ve worked hard for.
GDPR for Dummies 2022: What does personal data include under the GDPR?
In accordance with GDPR, Personally Identifiable Information (also referred to as PII) is considered to be any information that can be associated with an individual.
This means that PII will apply to any data pertaining to an EU citizen’s professional, public and private life.
Some of the most obvious types of PII that your former employees may have access to are:
- A computer’s IP address
- Banking information
- Social media posts
- Email addresses
- Home addresses
- First and last names
- Medical information
GDPR for Dummies 2022: Direct marketing consent GDPR
Why do you need direct marketing consent for GDPR?
Whilst researching GDPR for Dummies 2022, a common question people asked was how GDPR affects marketing and event marketing.
For most small businesses, GDPR will only have a minor effect on day-to-day marketing or on how an individual’s private information is used for marketing purposes.
The General Data Protection Regulation in 2022 is predominantly designed to prevent personal information from being traded or sold to a third party.
Therefore, there is a responsibility to protect and not misuse any data that you collect.
An additional requirement of GDPR and the collection of data is that, for most businesses, overly complicated Terms and Conditions pages on their website will have to be replaced with more straightforward, easy-to-follow terminology and language.
Furthermore, it is good practice to clearly state what a person is choosing to opt into and how their personal information will be used.
This applies to popups, checkouts and anywhere else that PII is collected.
Data can only be processed by a business if there is at least one lawful basis to do so:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- Processing is vital for compliance with a legal obligation to which the controller is subject
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
GDPR for Dummies 2022: GDPR email marketing?
One of the most common questions that we’re asked is about the relationship between GDPR and email marketing. Why should businesses care about GDPR email marketing?
Well, email marketing is a big business because it’s easy to retain customers and encourage repeat business.
These days, email addresses are like a currency and people don’t give away their email addresses to just anyone without a good reason.
Yet the costs incurred to gain each and every subscriber for a business are money well spent.
This is because email marketing has an average of 40x ROI.
Marketers and conversion rate optimisation experts spend their professional working lives in pursuit of getting the maximum number of email subscribers from a few visitors to a website as they can (you’ll have noticed that we use popups ourselves).
This is called conversion rate optimisation and most businesses don’t have a problem spending on things like conversion-optimised WordPress themes, landing page builders, copywriters and list-building plugins to offer the ultimate “mouth-watering” incentive that nudges their ideal subscriber one baby-step closer to solving a problem that keeps them awake at night.
You may use something similar and now be questioning if GDPR will mean that you’ll have to abandon your super juicy incentive or that it may affect how you use email marketing.
Well, the General Data Protection Regulation will have a minor impact on the way you use your website to collect contact details. Pop-ups, checkouts and other ways you collect PII will have to clearly state what it is that the user is signing up for and how your business intends to use their personal information.
Additionally, subscribers and customers must be able to withdraw their consent at any time whilst being granted access to any data you have about them and allowed the right to be forgotten.
An additional requirement is that all EU citizens must be able to “unsubscribe” from your email marketing at any time.
GDPR in Schools for Scotland and England
See: GDPR in Schools
When a Scottish or UK school, charity or business collects a child’s personal data, consent must be given by the child’s parent or custodian.
This consent must be verifiable and Data Controllers must be able to prove that explicit consent (opt-in) was given.
GDPR for Dummies 2022: Lesson #6 What is a data breach and what happens when an employee breaches GDPR?
See: GDPR data breach.
As data breaches and cybercrime are somewhat hot topics, many people are confused by what a data breach is and what it means for the General Data Protection Regulation.
The short answer is that there are a few changes to how your business handles data breaches in the future including when an employee breaches GDPR.
Now that the General Data Protection Regulation has taken full effect, the Data Controller is legally obligated to notify the European Supervisory Authority.
Reporting a data breach must be done within 72 hours of becoming aware that a data breach has happened.
Should the breach have an adverse impact, those who are affected will need to be notified immediately.
On top of that, the data processor is also responsible for notifying the data controller without any delay.
All in all, GDPR will make sure that data controllers and data processors are held responsible for what takes place after a data breach, even when an employee breaches GDPR.
GDPR for Dummies 2022: Lesson #7 Who is the SA? (Supervisory Authority)
One of the many advantages to GDPR is that it will make it easy for your business to be compliant when handling EU citizen data because there is only one set of rules that apply.
Each individual member state will create an SA (Supervisory Authority) to handle and investigate any complaints about your business breaking the legislation.
The Supervisory Authority will also deal with sanctions related to administrative wrong-doings (as well as many other things).
Should your company operate from multiple locations in Europe, it will be assigned a single SA that is geographically situated closest to your main office or place of business.
The EDPB (European Data Protection Board) will be responsible for coordinating the Supervisory Authorities and, in some circumstances, different Supervisory Authorities will work together and freely share information with one another.
GDPR for Dummies 2022: Free GDPR compliance checklist?
If you aren’t completely prepared for the new era of data protection, then you’re trailing behind your competition.
Don’t worry, GDPR Made Easy is a checklist to help you be compliant in 2022 and beyond.
GDPR is a hot topic and if you’re not compliant before 2022, then you’re missing out on an extremely cost-effective way to grow your business.
Unlike other GDPR training programs, ebooks or resources, our GDPR compliance checklist is focused on time management.
This GDPR checklist is a time mastery system — a results-focused, purpose-driven, massive action plan that will guide you towards achieving absolute data protection and GDPR compliance.
It comes in a portable PDF format that helps you to identify your biggest weaknesses in online security quickly and explains how to fix them.
By the end of the list, you’ll learn everything you need to know about GDPR and you’ll be in a position to stop focusing on what you have to do and start focusing on what you want to achieve with GDPR.
As you transform your stress into a unique selling point, you will begin to see tangible results such as higher levels of productivity, deeper customer satisfaction and more effective decision-making.
You can’t create more time, but with this checklist — The 25 Most Important Things Your Business Needs For GDPR Compliance in 2022 — you can start making time for what really matters.
- How to vanquish patterns of customer dissatisfaction with patterns of growth and fulfillment
- The power of being GDPR compliant and what it can do for you
- Key strategies that allow you to achieve balance with online security and data protection
- How to replace GDPR on your “to-do” list with a checklist that guarantees accomplishment
GDPR for Dummies 2022: What makes this GDPR compliance checklist so different from other GDPR tools?
See: Free GDPR checklist and plan
Most General Data Protection Regulation compliance checklists focus on fear – how non-compliance will result in crippling fines and financial ruin.
Our General Data Protection Regulation compliance checklist first focuses on the results and outcomes you want, then connects you to why it’s important to achieve complete data security.
When the inevitable challenges with General Data Protection Regulation compliance show up, this checklist gives you the drive to follow through and achieve the actions you want.
In short, this is GDPR made easy.
This is the same GDPR questionnaire and checklist that experts charge businesses, entrepreneurs and business leaders for, helping them to master their own busy schedules and start achieving greater goals with data protection and their online security.
This comprehensive GDPR compliance checklist is a complete set of rules, questions and answers that are designed to help you redirect your focus and re-evaluate your current priorities with GDPR compliance.
Thank you for reading GDPR for Dummies 2022. Don’t forget to leave a comment below with any questions or helpful tips you may have!