Blog - How does GDPR affect DJs and the wedding industry?

Posted: Thursday 10th May 2018 By: Andrew Broughton | Read Time = 4 mins Views: 3782

What do the new data protection regulations mean for DJs and the wedding industry and what do you need to do to be prepared?

New regulations about data protection come into force on Friday 25th May 2018; the General Data Protection Regulations (GDPR).

The important thing to stress here is that while GDPR is new legislation, it's building upon the principles of previous legislation such as the Data Protection Act. Therefore you should already have some forms of data security and logging in place.

There is a lot of advice available and I strongly recommend you seek legal advice if you are unsure. This blog is a summary of what I've read and how I understand the legislation and it's impact on our industry.

There are two main points I've taken away from the new rules:
- You must have active consent to store and process personal data
- You must consider how long this data is held for and what you are using it for

What is "active consent"? This is about the person giving you specific consent for what you're using the data for rather than opting in by default. The aim is to remove those confusing forms where you're not sure if you need to tick the box to sign up or you need to tick to not sign up. One good tip I've read here is for website forms is to provide a yes and a no option to remove any ambiguity.

The new rules also mean that you need to be able to prove that the person has given you consent, so you need to keep a record of that consent. This is a relatively easy tweak for new clients but for existing data stored you'll need to consider if you need to obtain their permission should you need to keep their data.

What is personal data? Put simply this is anything that could identify an individual, including name and contact details. This also stretches to photos where people can be clearly identified.

How long can you store the information for? This is for you to consider and make a decision on. You should make this clear in your privacy policy so people are aware of the retention period. As an example I have decided for quote enquiries that don't book me that I will remove their details either when they tell me they are not booking me or once the date of the function passes (whichever comes first).

What security do you need? You need to consider the level of security required - both physical and software - for the data you are processing. For example, for a small business that stores employee details it might be sufficient to store these files in a locked cabinet yet a bank may choose to employ a higher level of security for access to bank account details. If you're processing or storing data online you'll need to make sure that you're using a secure server - hence why Google Chrome is already providing warnings if an unsecure server is collecting data.

What is a privacy policy? A privacy policy is a document where you set out what data you store and how you processes it. This isn't something new, it's something that you should have already in place anyway.

Are there any exemptions? There are some exemptions to the regulations, such as if there are any legal requirements for personal data to be stored or shared. For example if the police were to request information you would likely be authorised to share personal information without the person's consent.

Why does this matter? The new regulations have also increased the penalties for non-compliance (up to £17 million or 4% of company turnover). If your security is breached you could be liable for a fine. And likewise if you keep personal data without consent or for longer than required you could be fined. But the Information Commissioner's Office are keen to stress that the new regulations are not all about big fines; it's about putting the consumer first.

So, in a nutshell the new legislation is on its way and it's time to review your current data handling processes to see if they need to be updated. Hence why you've no doubt had countless emails asking if you wish to remain on marketing lists.

Your Comments

No comments added, add yours below...