Frequently Asked Questions
We are registered with the ICO – does GDPR apply to us?
- Yes. You are likely registered as a Data Controller because your organisation processes personal information, but you will still need to comply with the new laws surrounding GDPR. The General Data Protection Regulation (GDPR) is a new EU law that will come into effect on 25th May 2018 to replace the current Data Protection Act. It’s the biggest overhaul of data protection legislation for over 25 years, and will introduce new requirements for how organisations process personal data.
Does GDPR apply if I am a sole trader and the only person who uses the office computer?
- Yes. The GDPR applies to organisations of all sizes if they process, store and manage personal information of customers or employees. Personal information includes general details such as name, address, phone number and email address.
My customers gave me their information freely, so does that count as consent for communications?
- You need to obtain and keep evidence of consent for ongoing communications, such as marketing, promotions, and reminders.
- A 2-step, or Double, Opt In process is recommended by many leading marketing services.
- Any existing consents you believe you have obtained prior to 25th May 2018 are only legitimate consents if they use the same techniques and processes which are required from 25th May 2018 onwards.
- Our Optly App allows you to photograph/scan and upload documents which may include an area for the customer to agree to an Opt In. The Optly platform will confirm the Opt In with a Text Message or Email to secure the 2nd step of the Double Opt In.
Can I store my compliance documents on the Optly platform?
- Yes. We provide 3GB of secure storage as standard, which is enough for 3000 documents (up to 1MB in size).
- Our Optly App allows you to photograph/scan documents which are not in electronic format so you can still easily upload them.
Important: If your organisation processes or stores people's personal information, then doing nothing towards compliance with the GDPR laws is simply not an option. If you use a service or platform such as Optly to assist with gaining GDPR compliance, or obtain some GDPR certifications, and you are then found to have compliance issues, you will likely face a much less harsh penalty than if you do nothing.