You may have heard this term floating around a lot over the past couple of months or so, but many businesses don't actually know what it stands for or how it could affect them. GDPR relates to data protection, so it's important to know about it and implement anything needed within your company, especially as it will be implemented on 25th May 2018.
This Is The Wikipedia Description Of What GDPR Is:
“The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.” – Wikipedia
Image credit: Comfreak via Pixabay
The Simplified Definition:
In short, it means that businesses are more accountable when it comes to the data they keep and store on EU citizens. This data can be anything, from client invoice records to email addresses gathered through newsletters. It now also explicitly covers data such as genetic, mental, cultural, economic or social information.
This, of course, is fantastic news for everyone, as tighter control over data prevents data breaches and gives the customer more control over their data. However, it does mean that all businesses now need to take a fresh look at the data they store, and potentially put new measures in place to stay compliant with the new law.
What Do You Need To Do?
As a business you already have a duty to protect and maintain personal data. In addition, you need to make sure that the consent you get from customers for their data is clear, and that you are equally clear yourself when asking for data. The customer also needs to be 100% aware of how their data is being used.
Image credit: Brenkee via Pixabay
For those with 10 or more employees, you must also employ a DPO (Data Protection Officer), or assign the role to an existing employee. This person will then be the main point of contact for those who wish to talk about their data. They also need to carry out privacy risk assessments whenever data is being used.
The new regulation also means that you're required to notify the local data protection authority of a data breach within 72 hours of discovering it. This in turn requires you to have technology in place that is able to detect such breaches.
The Right To Finally Be Forgotten
The most important thing that businesses need to comply with and recognise is a user's right to be forgotten, something that many individuals have fought for over a number of years. This means that anyone whose data you hold can request for it to be removed at any time. You absolutely must then remove that data there and then, and confirm this to the user.
Image credit: Andriy Popov via 123RF
You also need to use data only for the purpose for which it was originally collected, rather than changing the purpose after collecting the data. Any misuse of data in this way could result in large fines for your company.
Lastly, the GDPR means that you no longer need to deal with the various EU states individually to discuss data protection. All processes will soon come under one roof. This makes it a lot easier for companies all over the EU to comply with the laws, and it also makes it easier to talk to the authorities about any matters involving data protection.
Although we've barely scratched the surface when it comes to GDPR, we hope that this short explanation gives you better insight. We also hope this article will get you on your way to being 100% compliant. Remember, the new laws are coming into force within the next few months.
What do you think about GDPR? Do you think it's good or detrimental to businesses? Is there anything we missed that you think is important? Let us know by tweeting us at @CCC_Finance!
Feature image credit: iAmMrRob via Pixabay