What is the GDPR?
GDPR, also known as the General Data Protection Regulation, is a newer regulation that applies to EU law that provides data protection and privacy for all citizens within the European Union. By giving back control of “personal data” to EU residents, the GDPR sets the regulatory environment for international business. Although it may seem complicated, here is a simplified summary to understand the basics of what it covers and how to comply.
What is Personal Data?
Information that can directly or indirectly identify a human being is considered personal data, including (but not limited to) names, gender, nationality, birth dates, physical addresses, email, IP addresses, demographic information, and more.
Who must comply?
Any organization that does business in countries in the EU are affected, regardless if the company’s origin is inside or outside of the EU. Any business that offers goods and/or services to EU citizens, especially in the area of data collection, will have to comply with the GDPR standard by May 25th, 2018.
What does the GDPR do?
The GDPR ensures that companies adhere to the following while collecting personal data:
- The right to be informed
- Pay attention to how your business is collecting and using personal data collected. Be prepared to provide this information if requested.
- The right to be forgotten
- Under specific situations and scenarios, EU citizens must be allowed to have their personal data “forgotten”.
- The right of access
- Be ready to provide an explanation of who will have access to customers’ data and why.
- Data correction
- Incorrect information that appears in customers’ data must be able to be corrected free of charge.
- Data export and mobility
- Tools to export and relocate personal data need to be readily accessible.
- Object to or restrict data use
- A person has the right to object the use of their personal data, as well as the opportunity to block the processing of their data.
What should you do to be compliant?
Make sure your business is compliant with the GDPR by following the proposed guidelines below:
☑ Review your existing data collection strategy. Limit the data you are collecting by focusing on the necessary information that your business needs and plans to use.
☑ Follow the proper procedures to keep “personal data” secure.
☑ In the process of data collection, explain to the customer why you are collecting their data and how you intend to use it.
☑ Ask for explicit consent in obtaining their information and utilize appropriate and secure methods to keep their consent records.
☑ Ensure that your customers know their rights over their personal data.
☑ Define a set of procedures in the event of a data breach from within your organization.
☑ Provide a clear opt-out process and withdrawal of consent, including the right to be forgotten.
☑ Make the necessary changes in your privacy policy and other documentation regarding “personal data” use. Your new changes should reflect all of the guidelines above.
How Much will non-compliance with GDPR cost you?
When does the GDPR take effect?
The GDPR was approved and adopted into EU law in April 2016. After a two-year transitionary period, the GDPR will become enforceable on May 25, 2018.
Where can I learn more about the GDPR?
You can read more details on the GDPR website.