In this edition of my monthly blog, I will discuss what the GDPR is, what it means to both the consumer and the business, and when it will come into effect.
GDPR stands for “General Data Protection Regulation.” It is a new measure by the European Union that will come into effect from May 25th, 2018 and is enforceable from that point onwards. This is thought to be the most important change to data privacy law in the last 20 years. It aims to have a uniform, blanket data protection law framework across the EU, while also addressing the export of personal data outside the EU.
Because it is an EU regulation rather than a directive, no new national legislation needs to be drafted; it applies automatically in every member state. It enforces stricter rules and harsher fines on those processing consumers' data.
The EU defines personal data broadly: a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address. In short, anything that can be used to identify an individual.
Companies, from those processing personal data to those using the information, must abide by these new regulations. They must process relevant data fairly, with a purpose that is clear, and they must delete the data once that purpose has been completed. If there is a breach of this regulation, the company must declare it within a month or face a severe fine.
Most companies should already be preparing for these changes in regulation. Some simple things you can do to make sure your business is GDPR compliant are:
- Know your data. Know what information you’re taking from customers and why.
- Keep data secure.
- Ensure you have the consent of customers before requesting information. Allow them to give proper consent (i.e., no pre-ticked “I agree” boxes).
- Give people the option to withdraw consent, and let them know they have that option.
- Keep a record of that consent, if necessary.
- If your company has more than 250 employees, there must be a Data Protection Officer, who is responsible for the collection and safe storage of data.
But what’s important is what it means to the consumer. GDPR is intended to give people full control over their personal data, while still upholding strict rules on those hosting the data. The data must be obtained fairly and with the consent of the individual, and it must only be used for purposes that are stated clearly for the consumer to see. The data acquired must be limited to what is relevant to the company and must not be excessive. It should be kept safe, secure and up to date, and should not be kept for any longer than necessary. Should the individual request to review their data, it should be made available to them.
For more information or to book a consultation please call the office on 045 881194.