With the GDPR (General Data Protection Regulation) looming, your company could be among those anxiously assessing business procedures and digital platforms to ensure you're in compliance. The deadline is this upcoming Friday, May 25th, 2018. Your website needs to be in accordance, or your business could face fines of up to 20 million Euros or 4% of the company's worldwide annual turnover, whichever is higher.
The Fundamentals of GDPR
So what's all the noise about, and how is the new law different from the data protection laws of the past? The first crucial distinction is one of scope. GDPR protects more than obvious personal data such as email addresses and phone numbers. The Regulation covers any form of personal data that could be used to identify an individual in the EU, directly or indirectly, including usernames, device identifiers and IP addresses.
Second, GDPR does away with the "opt-out" approach currently enjoyed by many businesses. GDPR applies the strictest interpretation of consent for using the personal data of people in the EU. Where you rely on consent, it must be freely given, specific, informed and unambiguous. It takes a clear affirmative action to signal agreement; consent cannot be inferred from pre-ticked boxes, silence or inactivity.
Consent Must be Given for the Actions You Plan to Take
It's this broad scope, together with the strict reading of consent, that has many web developers and business CEOs in a fluster, and rightly so. Not only will your business need to be compliant with the new regulations, it must also be able to demonstrate that compliance (the Regulation's accountability principle). To make things even more complicated, the law applies not only to freshly acquired data but also to data you already hold.
If you currently have a database of contacts to whom you have freely marketed in the past without their express consent, you will be breaking the law. A blanket consent to "use" data will not be enough: consent has to be specific to each purpose you intend, such as email marketing. Any contact list you already hold or plan to buy from a third-party merchant cannot lawfully be used for marketing without the consent of the people on it.
Three Steps to Compliance
- Understand your data: However informal your data handling has been, especially in B2B communications, it is genuinely worth mapping out what personal data you hold and how it is stored and accessed within your business. This exercise helps you discover compliance gaps and make the necessary adjustments to your procedures. At the same time, you will want to establish where consent is needed and whether any of the personal data you currently hold still carries valid permission to market with.
- Get a Data Protection Officer: Appointing a DPO is mandatory under the new legislation if you are a public authority, or if your core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data; for any other business that processes personal data regularly, it is still a sensible step. The DPO (Data Protection Officer) will be the primary person advising the company on compliance with GDPR and will also act as the primary contact for Supervisory Authorities.
- Train and Educate your Team: Giving your team proper training on the scope and consequences of GDPR should help you avoid a potential breach, so don't skip this part. Data protection can be a dull and dry topic, but taking a little time to ensure employees are well informed will be time well spent.
Lastly, do not panic! GDPR has not been put in place to smother commerce. Instead, you as a consumer should enjoy better protection of your data and, hopefully, less spam!