Who knew that 4 letters could temporarily turn the world upside down?
No doubt you’ve noticed the countless posts and opinions on the new GDPR regulations. You may have even seen people panicking on social media, asking for help, writing their wills and bombarding their advisors with phone calls.
But is GDPR as bad as people make it seem? Allow us to tell you how it really is.
Understanding the rules of GDPR (General Data Protection Regulation) can be puzzling: there are so many big words flying around, people say one thing and mean another, and it really is exhausting. That’s why we have put together a blog which describes the new GDPR in a much simpler way. Gone are the days of worrying; instead, allow us to help you understand how to abide by this new rule in less than 1,000 words.
“You are a curator of personal data, not the
– Privacy Lead, Data Oversight
What is the General Data Protection Regulation?
Let us dispel the rumours.
The EU is soon implementing a new Data Protection Act, which will impose hefty fines and penalties on companies that don’t follow the rules. This update will provide customers with the ability to have a say in what businesses do with their data; including their emails, phone numbers and postcodes.
The introduction of the GDPR law aims to be able to provide the public with more freedom, allowing them to control how companies manage and protect their data. Social media apps use personal data for their services and analytics to help them improve further or make their app more user-friendly – however, with this new law, these businesses will need to be extra careful with how they share that information.
The EU is hoping that this toughened enforcement will help grow and improve on the emerging digital economy.
The region wants to prevent the improper exploitation of data online and instead insists that businesses look after their clients’ information; otherwise, the fines could reach millions, depending on your yearly turnover.
When do you need to prepare by?
You should ensure your company is compliant with GDPR by May 2018 where it will come into full effect. If you’re worried, you can request help from legal professionals to make sure you meet all the correct standards. However, you can quite easily manage the regulations yourself.
Despite the uproar of worry, nearly a third of companies are not preparing for this new law: around 28% of companies are ignoring GDPR preparations.
Who is affected by the new GDPR rules?
Companies which control or process data on a constant basis are liable under the approaching GDPR law. Such businesses range from charities to government facilities.
Likewise, IT professionals who manage that information will be required to follow this new ruling. Whether the controllers and processors are inside the EU or not, they still need to play by the rules of the EU’s new GDPR law to remain free from penalties.
What counts as personal data under the eyes of GDPR?
The EU has recently expanded the list of what counts as personal data. Under the new regulation, you will need to make sure that you store contact details safely. You must always obtain consent before using someone’s data, and let the customer know how you plan to use it.
What is the right to be forgotten?
People have the right to demand that their data be removed at any time. They may make this request because they no longer wish to receive information or no longer need your service. You should always offer an ‘unsubscribe’ or ‘opt-out’ CTA.
Your customer can also ask you to erase their information permanently. In this case, you must delete any information you hold on them.
What do you do if you suffer a data breach?
If this event occurs, your company must inform the Data Protection Authority. Let the DPA know if you believe the breach puts client information, and with it their rights and freedoms, at risk. You must do this within 72 hours of becoming aware of the circumstances. Failure to do so could, unfortunately, result in a fine.
Within the same time frame, you must also tell the owners of the details that their information is at risk. Failure to comply with this could result in a fine of £20 million, or a penalty based on your worldwide revenue, whichever turns out to be higher.