What You Need to Know about GDPR
What does 25th May mean to you? If your only thought is whether it will be a nice, sunny Friday, you’re lucky. For millions of businesses across the world, this otherwise inconspicuous date is doomsday itself: it’s the day the GDPR takes effect.
That’s a bunch of scary-ish letters, I guess. What is GDPR?
GDPR stands for General Data Protection Regulation. And in case that sounds slightly scarier for your business, and you were about to frantically Google ‘General Data Protection Regulation summary help me now’, don’t worry. We’ve got you.
GDPR was adopted by the EU in April 2016, and it is an EU law that will affect Britain because it takes effect on 25th May 2018, before Brexit is complete. It is set to apply after that, too: any company, wherever it is based, that handles the personal data of people in the EU is covered.
GDPR has been set up because more of our personal data is ending up online than ever before, and more of that is being hacked or used against our will. The EU is aware that individuals have minimal control over what happens to their personal information.
It applies to any organisation, inside or outside the EU, that processes the personal data of people in the EU. Individuals regain control over how their data is used and how it is processed, including the “right to be forgotten” (formally, the right to erasure). They can tell a business to delete their data, and the business must do so without undue delay unless a specific exemption applies, such as a legal obligation to keep the records.
Will it be tough on businesses?
The General Data Protection Regulation summary for businesses isn’t quite as simple. Rather than a single click, which is all it may take for an individual to exercise their rights, businesses may have to redesign the way they collect, store and use data, and some will have to adjust their entire business strategy.
This is because the most serious infringements, which include failing to honour individuals’ rights such as the right to have their data deleted, carry fines of up to 4% of annual worldwide turnover, or 20 million Euros (whichever is greater). A lower tier of 2% or 10 million Euros applies to most other obligations, such as breach notification and record-keeping.
Equally, businesses outside the EU who hold onto EU citizen data could also face huge fines.
Furthermore, a personal data breach must be reported to the supervisory authority (the ICO in the UK) within 72 hours of the business becoming aware of it, unless the breach is unlikely to put individuals at risk, and the people affected must be told without undue delay where the risk to them is high. Whilst a hacker may be prosecuted, a business which fails to report a breach is held responsible in its own right. Even breaches that don’t need reporting have to be documented internally, so it’s unlikely EU law will accept your ‘the dog ate my customer data protection software’ excuse.
Are there any positives for businesses?
What is GDPR, other than pretty terrifying? For many, it’s a great idea. As well as increasing transparency, it enables companies to adopt best practices, and become more trustworthy to their customers. Sounds good to us.
Where do I start?
Don’t be too quick to start sweating profusely and calling everyone on your company’s board. Chances are, if you’re already on top of the current Data Protection Act, or are regulated by the FCA or PRA, the changes you’ll need to make in order to comply with GDPR will be manageable.
It’s vital that you can find and hand over a person’s data from your databases should they ask (the right of access), and delete it when they make a valid request for erasure, within a month in either case. Make the process easy to carry out: that means knowing exactly where personal data lives in your systems, so keeping on top of the tech is key.
The best advice at this point is to be prepared. If you’re still searching ‘general data protection regulation summary’, now’s the time to work out whether you must appoint a data protection officer (it is mandatory for public authorities, and for organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive data) and, even if it isn’t mandatory, to make someone accountable for compliance before May the 25th, to reduce the risk of fines or legal proceedings if you’re not ready!
So, act now.
It’s crucial to be on your toes throughout this change. Review how your company currently uses data, and ensure that you’re ready for the changes.
The official guidance can be found on the ICO’s website. It’s a lot to read, but if it saves 4% of your company’s turnover, it’s worth it!