On May 25, 2018, the new European privacy regulation came into effect.
GDPR stands for the General Data Protection Regulation.
This regulation has been implemented in all local privacy laws across the entire EU and EEA region. It will apply to all companies selling to and storing personal information about citizens in Europe, including companies on other continents.
What GDPR means is that citizens of the EU and EEA now have greater control over their personal data and assurances that their information is being securely protected across Europe.
According to GDPR, personal data is any information related to a person, such as a name, a photo, an email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address.
There is no distinction between personal data about individuals in their private, public or work roles: the person is the person. This also holds in a B2B setting, where everything is about individuals interacting and sharing information with and about each other. Customers in the B2B market are obviously companies, but the relationships that handle the business topics are between people, that is, individuals.
This new data protection regulation puts the consumer in the driver's seat, and the task of complying with it falls upon businesses and organizations. If you do not take on that task, you are failing to comply.
What falls under GDPR compliance?
Well, GDPR applies to all businesses and organizations established in the EU, regardless of whether the data processing itself takes place in the EU or not. Non-EU organizations can also be subject to GDPR: if your business offers goods and/or services to citizens in the EU, then it is subject to GDPR.
All organizations and companies that work with personal data should appoint a data protection officer or data controller who is in charge of GDPR compliance.
There are tough penalties for companies and organizations that do not comply with GDPR: fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater.
As we mentioned earlier, individuals have 8 basic rights under GDPR.
You now need to establish policies and procedures for how you will handle each of these situations.
For example:
How can individuals give consent in a legal manner?
What is the process if an individual wants his data to be deleted?
How will you ensure that it is done across all platforms and that it really is deleted?
If an individual wants his data to be transferred, how will you do it?
How will you confirm that the person who requested to have his data transferred is the person he says he is?
What is the communication plan in case of a data breach?
Data is a valuable currency in this new world.
And while GDPR does create challenges and pain for us as businesses, it also creates opportunity.
Companies that show they value an individual's privacy (beyond mere legal compliance), that are transparent about how the data is used, and that design and implement new and improved ways of managing customer data and data subject requests throughout the data's life cycle build deeper trust and retain more loyal customers.
When GDPR was first announced in 2016, it felt like there was plenty of time for businesses to take the necessary steps. But that time has flown by, and many companies are still scrambling even after the deadline has passed. So, if you haven't already started your journey to compliance, we urge you to start now.
Dedicate time to understanding what you need to do in order to become compliant, and use the practical tips shared in this article to help you get started. Then create a plan of action for your journey to GDPR so you can ensure you and your business are compliant sooner rather than later.
How has GDPR impacted your business?
Let me know in the comment section below.