The IPA, with the help of law firm Bristows, has created a ’GDPR Pack’ for its members. The GDPR (General Data Protection Regulation) is the most important piece of data protection law to be introduced in the EU for the past 20 years and will affect businesses in all sectors – including advertising - across all EU member-states, even the UK after Brexit.
The IPA’s GDPR Pack is intended to help agencies get to grips with some of the basics of the GDPR, mostly where they are acting as data ‘controllers’, i.e. where they are determining why and how personal data should be processed – for example, the personal data of their staff, suppliers and clients.
The Pack contains notes on 10 key GDPR issues – including supplier contracts and client contracts - and five template internal data protection policies to help agencies kick-start their GDPR compliance processes if they haven’t started already.
Although agencies are primarily B2B businesses rather than B2C - and so unlikely to be acting as controllers in any significant way - where organisations are processing personal data as controllers, they must still comply with the GDPR. Clients will expect agencies to be compliant and so will the Information Commissioner’s Office or ‘ICO’ - the UK’s data protection regulator.
Says Richard Lindsay, Director of Legal & Public Affairs, IPA: “Understanding the rules is one thing, but putting them into practice is quite another. The IPA has held seminars and produced guidance notes, legal alerts and webinars on the GDPR, but without something tangible to get you started, taking the first steps towards compliance is difficult.
“Using the IPA’s GDPR Pack will not mean that your agency complies with the GDPR in full, but it should go some way to helping your agency organise its practices and internal policies in a GDPR-compliant way - definitely a step in the right direction. Doing nothing is not an option.”
Visit our data protection documents for the full collection of the IPA’s GDPR guidance for members.