Company News

GDPR: Experience Invest Policy

  • Author: Staff
  • 9 May 2018





The management and safeguarding of personal information for businesses operating in the UK and Europe is changing, with the introduction of the new General Data Protection Regulation (GDPR) – the largest shift in corporate data management legislation to take place in a generation.

Understanding how your data represents a significant resource and a potential risk to your company’s continued operations is therefore essential. Organisations will need to adapt to a far tighter regulatory landscape when it comes to the management of data in future and GDPR is a necessary evolution of data protection when the risks to both businesses and consumers are greater than ever before.

What is GDPR?

Introduced across all member states of the European Union (EU), GDPR is a framework of data protection laws that spell out the manner in which organisations must inform individuals on the collection, use and storage of data, as well as the need to secure informed consent for these actions.

Coming into effect from May 25th 2018, GDPR is applicable to businesses in every industry and sector that have access to personal or sensitive information. This relates not only to a company’s clients, but also to those targeted through advertising or other data collection strategies, as well as employees.

In essence, GDPR is the new legal benchmark for the management of personal data that all businesses must adhere to. It is being administered in the UK by the Information Commissioner’s Office (ICO), and the body will have the authority to carry out a criminal investigation into any organisation it believes to be failing to maintain its responsibilities in this area.

What does GDPR mean for businesses?

Ultimately, GDPR is designed to enhance transparency and provide new safeguards for individuals in how their information is managed by companies. To facilitate this process, a number of new rights have been introduced for individuals, including:

  • Right to be informed: Individuals must be informed regarding the collection and use of their personal data. They must be told the purpose for its collection, the period for which it will be retained and who it will be shared with.
  • Right to access: Individuals have the right to know all the information that a company holds relating to them. This information should be provided to the individual free of charge, upon request.
  • Right of rectification: All data held by a business should be kept fully up to date and, in cases where it is not, the individual has the right to have their records amended.
  • Right to erasure: Individuals can at any time ask to be removed from a company’s records and all of their personal information must be expunged from their databases.
  • Right to restrict processing: Specific consent must be sought for the application of data. This means that individuals can ask that their information only be used for certain purposes.
  • Right to data portability: Companies must ensure the swift and efficient transfer of information to other organisations, such as at the end of a rolling contract.
  • Right to object: Individuals have the right to object to the collection or use of their information if they believe it is not based upon legitimate interests for the purpose of a specified task, or in cases where it is not in the public interest.
  • Rights related to automatic decision-making (including profiling): Personal data may only be used in cases where a decision is to be made solely by automated means, without human involvement, where the information is necessary for entry into or performance of a contract, and is based upon the individual’s explicit consent.

In addition, the issue of consent is one that organisations must address, as under GDPR companies may only make use of data that is provided with an individual’s “freely given, specific, informed and unambiguous” consent.

As a result, businesses must now be seeking approval for the use of all data. In cases where new contacts are being forged and new information is being collected, informed consent should also be requested and provided before this data can be used.

What are the consequences for breaches of GDPR?

In the past, companies could expect to face a limited fine for issues of data loss or the mismanagement of personal information, but under GDPR these sanctions are being considerably increased.

Organisations that fail to maintain their responsibilities in terms of effective and transparent data management following the introduction of GDPR will face fines of up to €20 million or four per cent of their global turnover, whichever is greater.

How is Experience Invest safeguarding your data?

At Experience Invest, we remain committed to ensuring the safe and responsible handling of all personal information. As a result, we offer an assurance that we will always seek permission before utilising any personal information that is provided to us.

We will ensure that:

  • Clients can opt out from all communication at any time
  • All personal and sensitive data is safely stored
  • Data is never sold or passed on to any third-party companies
  • Only insightful marketing emails and exclusive offers for Experience Invest clients are sent

You can find out more about the details of GDPR and its impact for businesses at the ICO’s official website, as well as by contacting our team.
