GDPR is coming – are you ready?
May 22, 2018
By Recycler Magazine
On the 25th of May, the new European Union regulation on data protection begins to apply in every Member State. Make sure your business is ready for the changes!
The General Data Protection Regulation (GDPR) was adopted in April 2016, and from the end of this week it applies directly as law in every EU Member State. It replaces the 1995 Data Protection Directive and gives individuals much greater power to demand that a company reveal what personal data it holds about them, and to have that data deleted.
It is also designed to make data breaches much easier to tackle: supervisory authorities can cooperate across the EU under a single legal framework rather than dealing with a separate one in each jurisdiction, much like the forthcoming UPC. Organisations will also be obliged to report breaches that risk harm to individuals to their supervisory authority without undue delay, and where feasible within 72 hours of becoming aware of them, so having an incident response process in place is part of being ready.
With power for the individual comes a potential minefield for companies, and those hit hardest are likely to be those that amass the most personal data about their clients and customers. Marketing agencies, data brokers, and technology firms are predicted to be the three strands of business feeling the heat the most.
Many businesses will now be required to keep an accurate record of what personal data they hold, where it is kept, and what it is used for; without such an inventory they cannot reveal, or delete, a person's data when asked. Many will also need to rely on explicit consent as the legal basis for processing. Consent is one of several lawful bases under GDPR (performance of a contract and legitimate interests are among the others), but if your business relies on acquiring customer data for marketing, you will probably need each customer to grant specific permission for it to be collected and used.
If your business requires this consent, it is essential that you obtain it before the 25th of May, when the new regulation begins to apply. This is why many people across the continent are suddenly finding a slew of new emails in their inboxes, asking for permission to keep emailing them. Consent must take the form of an active, affirmative opt-in; it cannot be assumed from a pre-ticked box or an opt-out system. Businesses will also be required to record when, and how, each consent was given, and to be able to produce that record, if they are to keep the data.
As a business, you will also need to state clearly, at the point of collection, the purpose of collecting any personal data: what it will be used for, why it is being collected, how long it will be kept, and who it will be shared with.
The consequences of not adhering to GDPR can be severe. Individuals who suffer damage can claim compensation, and administrative fines for the most serious breaches can reach 20 million euros or 4 percent of your worldwide annual turnover, whichever is higher. It is therefore vital that you make sure your business is GDPR-ready for when it begins to apply on Friday.
One of the best ways a business can cope with the new regulation is by making a particular member of the team responsible for overseeing your company's compliance. Whether it is a pre-existing position, like a Chief Data Officer, or a new post such as a Data Protection Officer (which GDPR makes mandatory for public authorities and for organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive data), making it their responsibility to ensure your business and your workforce are fully briefed and on top of GDPR will be vital in the long run.
Fundamentally, GDPR is designed to empower individuals and protect their personal information. If your company already does that, GDPR should not pose too much of a problem, and it will doubtless be beneficial in future to ensure that your customers and clients feel secure and comfortable when dealing with your business.