07 Jul GDPR: Keeping up and making good
The EU is making fundamental changes to its data protection laws: the new General Data Protection Regulation (GDPR) comes into effect on 25 May, 2018 which means any organisation that keeps or processes any personal information on any EU resident need to be thinking about it as soon as possible. But what does this actually mean? What do you have to do to ensure that you comply with the new regulations? Scriptwriter Pirjo Leek tries to shed some light onto this complex issue.
Why should I comply?
As the new law sets out a fine of up to €20 million or 4% of the offending body’s total worldwide turnover – whichever is higher – it makes sense to take it seriously. This amount of money can easily be the determining factor between insolvency and success. Training your staff and making sure your processes comply with the new law is an investment which will pay itself off very quickly.
Why should I invest in complying with EU regulations when the UK is leaving the union?
If you think that GDPR does not affect your business because EU regulations will be irrelevant in post-Brexit UK, think again. The UK government have announced that they still intend to comply with the law which means that UK companies and residents will still be regulated by it. Realistically, this imperative will extend to any organisation which plans to do business in the EU – which is still the world’s largest free trade area. There is no way of escaping it: the GDPR will most probably impact you so it is wise to take action now.
What do I need to do?
The GDPR is one of the most wide-ranging pieces of legislation passed by the EU in recent years which makes some substantial changes to the way processing personal data is regulated. It is more comprehensive and tighter than the previous Data Protection Act (DPA). It also introduces some new concepts for individual protections in the digital era, like ‘right to be forgotten’ and ‘data portability’.
The real impact on your company depends on the specifics of your business but here is a brief overview of some of the changes in law which can substantially change the way you think of data protection.
- Personal data
Personal data is defined in GDPR as ‘any information relating to an identified or identifiable natural person.’ The broader definition which reflects on the recent changes in technology means that, for example, IP addresses are also considered personal data. As a result, you might need to rethink the customer and employee information which is held and acquired by your company.
The rules of what consent to store personal information means have been changed. Silence, pre-ticked boxes or inactivity cannot be defined as consent anymore. People must have free choice to opt in or out. Does all the data you gather follow this rule?
It is illegal to collect information for one reason and then use it for some other reason. You need to be clear upfront about what you will be doing with the data. Similarly you can’t collect more data just in case you might need it later.
- Right to be forgotten
Anyone whose data you have collected can ask it to be removed if there are no valid reasons to keep it. All data which is no longer necessary should be removed.
This list is by no means exhaustive because of the scale and complexity of GDPR but it shows that some of the changes are fundamental to the way data is held, processed and secured. It’s inescapable and will need to be addressed.
Are you prepared for the change in regulations? Is your staff? You need to spread the word about the new laws and we are here to help. As there is a lot to digest and an immense amount of jargon to decipher, learning solutions screens tailored to your specific needs is the best and only way to guarantee peace of mind when it comes to GDPR.
The response to GDPR should not be merely reactive. The truth is the GDPR represents a new perspective on the way that organisations, their clients and their contacts interact. It is a new legislative framework for forming meaningful relationships with your community and sharing new types of experiences with them.
You can build more involved relationships with your customers and staff when you handle their information fairly, lawfully and transparently. The moment has arrived to redefine your relationship to your clients as a fixed and stable partner in a new phase of collaboration on mutually rewarding opportunities for growth.
Change is coming. Make the most of it. Chat to one of our experts to turn your GDPR challenge into a once-in-a-lifetime opportunity.