General Data Protection Regulations
GDPR stands for “General Data Protection Regulation”. It is a game-changing data privacy law set out by the EU but Brexit will not change the enforcement of this law. GDPR consists of a long list of regulations for the handling of consumer data.
The goal of this new legislation is to help align existing data protection protocols all while increasing the levels of protection for individuals. It has been in negotiation for over four years, but the actual regulations will come into effect starting May 25th, 2018.
All the new reforms help customers (people) gain a greater level of control over their data, while offering more transparency throughout the data collection and use process.
These new laws will help to bring existing legislation up to par with the connected digital age we live in. Since data collection is such a normal and integral aspect of our lives both on a personal and business level it helps to set the standard for data-related laws moving forward.
Put simply, GDPR is a regulation that you want to take seriously. Below we dive into what this regulation is and the demands of the legislation and how it could impact your day-to-day organisations.
GDPR Requirements: How to be GDPR compliant.
Let us be frank, GDPR compliance is something that the biggest companies in the world must take most seriously as non-compliance can bring huge financial penalties on them.
Even if we distil GDPR compliance down to the basics, there are many requirements organisations will have to implement to make sure you are in line.
Below are SEVEN key points for large companies.
In regards to small organisations such as local parish with activities such as website, clubs, businesses, community groups, the FOUR key points are highlighted in red and should broadly be adopted:
1. Obtaining Consent - Your terms of consent must be clear. This means that you cannot stuff your terms and conditions with complex language designed to confuse your users. Consent must be easily given and freely withdrawn at any time.
2. Timely Breach Notification - If a security breach occurs, you have 72 hours to report the data breach to both your customers and any data controllers, if your company is large enough to require a GDPR data controller. Failure to report breaches within this timeframe will lead to fines.
3. Right to Data Access - If your users request their existing data profile, you must be able to serve them with a fully detailed and free electronic copy of the data you have collected about them. This report must also include the various ways you are using their information.
4. The Right To Be forgotten - Also known as the right to data deletion, once the original purpose or use of the customer data has been realized, your customers have the right to request that you totally erase their personal data.
5. Data Portability - Gives users rights to their own data. They must be able to obtain their data from you and reuse that same data in different environments outside of your organisation.
6. Privacy by Design - This section of GDPR requires organisations to make sure their systems have proper security protocols in place from the start. Failure to design your systems of data collection the right way could result in data breaches and result in a fine.
7. Potential Data Protection Officers - In some cases, your organisation may need to appoint a data protection officer (DPO). Whether or not you need, an officer depends upon the size of your organisation and at what level you currently process and collect data.
Do not resist GDPR, embrace it
GDPR is a complex topic, and this article will help you to grasp the basics.
However, the verdict is clear from the offset: GDPR is an aggressive swing in the face of data abuse, and it puts all the power in the hands of the citizen when it comes to their data. Nearly all organisations in or connected to the EU will need to make changes on how they operate.
Yet, it is important to view this legislation as a way to better protect your customers, and improve your own internal customer data handling procedures. To make GDPR an easier pill to swallow, view it as a positive force that has come to safeguard consumer data rights in our increasingly accessible world. Just as it protects the consumer, it also protects organizations from overstepping their boundaries. As such, these new laws are completely necessary.