With the latest GDPR (General Data Protection Regulation) looming, your company could be among those anxiously assessing business procedures and current digital platforms to ensure you’re in compliance. The deadline to be compliant is this upcoming Friday, May 25th, 2018. Your website needs to be in accordance, or your business could face hefty fines of up to 12 million Euros or 4% of the company’s annual revenues.
The Fundamentals of GDPR
So what’s all the noise about, and how is the new law so different from the data protection laws of the past? The first crucial distinction is one of scope. GDPR protects against more than the improper use of personal data such as email addresses and phone numbers. The Regulation covers any form of personal data that could be used to identify an EU citizen, such as usernames and IP addresses.
Second of all, GDPR does away with the “opt-out” feature currently enjoyed by many of today’s businesses. GDPR is implementing the strictest interpretations of using personal data of an EU citizen. GDPR compliance will require that such consent be given openly and be specific, informed and unambiguous. It takes a clear indication of agreement – it cannot be inferred from pre-selected boxes or inactivity.
Consent Must be Given for the Actions you Plan to Take
It’s this broad scope, together with the strict interpretation, that has many web developers and business CEOs in a fluster, and rightly so. Not only will your business need to be compliant with the new regulations, but you may be required to show this compliance. To make things even more complicated, the law will apply not only to freshly acquired data but also to data already held.
If you currently have a database of contacts to whom you might have freely marketed in the past, without their expressed consent, you will be breaking the law. Getting consent to USE data in any form will not be enough. Any specific list of contacts you have or plan to buy from a third-party merchant is illegal without the consent of the people listed.
Three Steps to Compliance
- Understand your data: In spite of the flexibility offered by the web, especially in the context of B2B communications, it’s genuinely worth mapping out how personal data is kept and accessed within your business. This process can help you discover any compliance gaps and take action to make the necessary adjustments to your procedures. Similarly, you will want to know where consent is needed and whether you still have permission to market with any of the personal data you currently hold.
- Get a Data Protection Officer: This is a necessity under the new legislation if you want to process personal data regularly. The DPO (Data Protection Officer) will be the primary person advising the company on compliance with GDPR and will also work as the primary contact for Supervisory Authorities.
- Train and Educate your Team: Providing your team with access to proper data training on the context and effects of GDPR should help you stay away from a potential breach, so don’t skip this part. Data protection can be a dull and dry topic, but taking just a little time to ensure employees are well informed will be time well spent.
Lastly, do not panic! GDPR has not been set in place to smother commerce. Instead, you as a consumer should enjoy the better protection of your data and, hopefully, less spam!