Date: 2021-08-30

The General Data Protection Regulation, or GDPR, is a set of European data protection laws adopted in 2018. However, many UK businesses are struggling to comply with GDPR, particularly since the advent of working from home. 1 in 5 employees received no data protection guidelines for working from home while 1 in 5 also received no training for GDPR compliance, handling company data, or cyber security measures. But, since GDPR fines increased by around 40% in 2020, businesses are increasingly pressured to take action.
Why do businesses struggle to become GDPR compliant?
Making digital archives GDPR compliant
With digital archiving, businesses can keep a historic record of their web and social media communications. Since this may include people's personal data, these digital archives must be made GDPR compliant. However, the GDPR backup retention policy doesn't specify a minimum or maximum period for archiving and retaining personal data. Businesses are just required to keep data "for no longer than is necessary for the purposes for which it is being processed". Businesses must also uphold the rights to access, rectification, and erasure, which means archived data must be easy to find, access, and download.
What about email marketing?
Email marketing campaigns have had to be carefully amended to comply with GDPR in order to protect personal data. For example, customers need to explicitly give their consent before joining email lists. This typically requires implementing a double opt-in feature, as well as an easy opt-out feature. Required or involuntary opt-ins aren't compliant. Double opt-ins essentially make non-consensual or accidental sign-ups less likely. After ticking a box, people will also receive an email and need to give their consent a second time.