The interview is published in Business Connect magazine, Sept.-Oct. issue
Since its founding in 2009, Mnemonica’s business has been mainly focused on data protection and security. The company has successfully completed over 600 projects for over 100 clients in the last 8 years. Relying on Mnemonica’s expertise, many of the company’s clients and partners are preparing for the GDPR.
–What kind of challenges do you see in applying the General Data Protection Regulation (GDPR) in the corporate and public sectors in Bulgaria?
-The General Data Protection Regulation (GDPR) is the new data protection regulation from the EU. It is applicable to organisations of all sizes, including Small & Medium Enterprises (SMEs), but many small businesses have not begun preparing for this comprehensive piece of legislation. Businesses anywhere in the world that process EU residents’ sensitive data are likely impacted by the regulation. As Bulgaria is one of the EU countries, Bulgarian organizations must also comply with the new regulation, or they will face significant financial penalties.
What is GDPR actually? Instead of having 28 different laws relating to data protection, there is now one comprehensive rule that applies to all EU states. This should help to cut costs and may help smaller companies break into new markets.
–What is the effect of the change in practical terms for companies and clients? Is the regulation more for the benefit of the citizens?
-The data protection reform will strengthen citizens’ rights and build trust. Its aim is to protect all EU citizens from data breaches. GDPR does not apply to people who are processing personal data in the course of their own exclusively personal life or household activity. But as soon as you begin undertaking commercial activities, even if you’re only a sole trader working from home, you are highly likely to be covered.
Many people think that GDPR is solely an IT issue. This is far from the truth. The regulation affects broad aspects of the company’s operations. It has critical implications for the sales and marketing activities and for the customer engagement practices. The business processes, applications and forms should be reviewed to make sure they are compliant with double opt-in rules. A simple example: in order to sign up and receive messages, prospects would need to tick a box or fill out a form. Then they would need to confirm it was their action in a further email.
–What are the stages that the company should go through to prepare, and to what extent will the business be hampered by the new regulation?
-Relying on Mnemonica’s expertise, many of our clients and partners are preparing for the GDPR. Every organisation should know what personal data means and where it is stored (database repositories, systems, information carriers). Entrepreneurs need to require the owner’s consent for processing personal data and know who controls or processes personal data. Data monitoring is another important stage that companies should go through. These are just some of the mandatory steps businesses should be aware of to prepare for the new regulation.
–How will “the people’s right to be forgotten” be applied in practice and harmonized with the public interest?
-GDPR was released in May 2016 with an implementation date of May 25, 2018. It codifies EU citizens’ “right to erasure”, often known as the “right to be forgotten” – ceasing data processing upon the owner’s request. The new regulation has expanded and developed this right to include all data held by any organisation, whether the information is publicly available or not. Under the GDPR any EU citizen has a right to have all personal information deleted by an organisation.