Melissa  Kilday
about 4 years ago by Melissa Kilday

GDPR - Key Points

laptop, GDPR, EU, Brexit, desk, pen

The countdown to the new General Data Regulation Policy is well and truly underway and with just under a month before the new regulations are put in place it is surprising to find that huge companies like Facebook are still not fully prepared.

As of the 25th May 2018 any changes that are required by GDPR need to be legally implemented in your organisation. The consequences for any non-compliance with GDPR can be crushing for all businesses with fines of up to €20 Million or 4% global turnover, can your organisation afford to get it wrong?

It has been widely reported recently that our data has been used without our consent by social media giant Facebook. Data analyst firm Cambridge Analytica used the personal data of over 50 million Facebook users without their consent and as a consequence of this data breach the backlash received has been severely damaging, not just financially but their reputation has also been significantly tarnished. Facebook boss Mark Zuckerberg has publicly apologised but that is just the beginning of the work needed to rebuild their consumer trust.

Sharing the personal data to third parties without consent is a severe breach of GDPR, with that in mind here are some key points to remember and implement in your organisation with regards to sharing data, consent and being transparent about your privacy policy:

  • You must receive a clear statement of genuine consent (using a pre-ticked box is not compliant) giving individuals full control of their data and how it is used. If you have previously held consent, this must be reviewed to comply with new GDPR guidelines
  • Keep all records of consent / consent requests and how it was obtained, these should be held separate from any standard terms & conditions
  • Be clear about who the third parties are and name them
  • Explain what third parties will use their data for
  • Save evidence of consent
  • Make it easy to ‘opt out’ and explain clearly how to do this
  • Explain clearly how their data can be removed easily
  • Keep any consent updated regularly and in line with any changes
  • All emails sent should have your GDPR compliant Privacy Policy attached and easily accessible
  • Customers must ALWAYS have full control over their personal data, what it is used for and where it goes

Here at Cherry we are committed and passionate about the safety of our customer’s data and are dedicated to the compliance and transparency of the new GDPR laws. If you would like any further information please contact our Internal Data Protection Officer on and we would be more than happy to help.