Email lists will need data review

New rules on data protection mean many small businesses will have to rethink their database of contacts before they come into force on May 25

Aiming to give people more say in how personal details are collected and used, plus give more protection from cybercrime, the RGPD rules (called Gen­eral Data Protection Reg­ulation in the UK) mean businesses need “explicit” consent from people before storing data electronically and must explain how this data will be used.

More importantly, a pre-filled tick box does not count as consent and businesses must ask for consent for each type of data use, whether for emails, newsletters or fraud checks.

Businesses must also keep full documentation on what consents have been given and be able to erase records for anyone who asks for it, or give a complete copy of what is held.

Small businesses do not escape as criminals may see them as having less protection than big firms and perhaps giving details of who is going on holiday and for how long.

French data watchdog CNIL has information at tinyurl.com/y7wffpf2 but UK changes are similar and its watchdog has a helpfile at tinyurl.com/jpwxldl