Date: 2021-08-30

The General Data Protection Regulation, or GDPR, is a set of European data protection laws adopted in 2018. However, many UK businesses are struggling to comply with GDPR, particularly since the advent of working from home. 1 in 5 employees received no data protection guidelines for working from home, while 1 in 5 also received no training for GDPR compliance, handling company data, or cyber security measures. But since GDPR fines increased by around 40% in 2020, businesses are under increasing pressure to take action.

Why do businesses struggle to become GDPR compliant?

Businesses can find it challenging to become GDPR compliant as the guidelines themselves are complex and written largely in legal jargon. While businesses with legal teams won’t have much of a problem here, smaller businesses may not be able to afford such help. GDPR guidelines are also rather ambiguous in some areas, which makes absolute compliance even more difficult. Additionally, some businesses may need to update their internal systems and processes in order to become GDPR compliant. Customer data storage, email marketing, and quality assurance all likely need reviewing, which some businesses don’t want to prioritise.

Making digital archives GDPR compliant

With digital archiving, businesses can keep a historic record of their web and social media communications. Since this may include people’s personal data, these digital archives must be made GDPR compliant. However, the GDPR backup retention policy doesn’t specify a minimum or maximum period for archiving and retaining personal data. Businesses are just required to keep data “for no longer than is necessary for the purposes for which it is being processed”. Businesses must also uphold the rights to access, rectification, and erasure, which means archived data must be easy to find, access, and download.

What about email marketing?

Email marketing campaigns have had to be carefully amended to comply with GDPR in order to protect personal data. For example, customers need to explicitly give their consent before joining email lists. This typically requires implementing a double opt-in feature, as well as an easy opt-out feature. Required or involuntary opt-ins aren’t compliant. Double opt-ins essentially make non-consensual or accidental sign-ups less likely. After ticking a box, people will also receive an email and need to give their consent a second time.

GDPR compliance has been challenging for many UK businesses to achieve. By being proactive about compliance, however, businesses can better protect customer data and avoid fines.