What is GDPR and how does it affect me?
What is GDPR?
The General Data Protection Regulation (GDPR) is a European law that came into effect on 25 May. GDPR will bring an update to the antiquated data laws in Europe that were first created in the 1990s and harmonise the data privacy laws across the European Union. This regulation will bring massive changes to the way technology, advertising, and marketing are used in any company doing business in the EU, or that involves EU members' data. The main purpose of GDPR is to give individuals a greater right to privacy and better control over the data that companies have on them.
There are several parts to GDPR that give consumers greater privacy rights. If a company is collecting data on consumers, the company is required to disclose this, as well as what information is being collected. Consumers must consent to all of these forms of data collection individually, meaning companies cannot group all of the different forms together. All companies must keep records of the data they collect (as well as how and when consent was given), so that if a regulator inquires about the lawfulness of their data, a company would be able to show that it was collected transparently, under the rules, and for a specific purpose. Consumers ultimately have the ability to inquire about what information a company has on them, as well as remove it or transfer it to another data processor whenever they desire and at no cost.
The last major part of GDPR is that companies are required to disclose a data breach to their data protection authority within 72 hours and “without undue delay” to their customers. Failure to abide by any of these rules could result in a hefty fine of 20 million euros or 4% of your organisation’s international turnover, whichever is greater.
How does GDPR affect businesses?
While GDPR is great for customers, it will be difficult for a lot of companies to adapt to these new regulations. GDPR's guidelines for compliance are vague in many places, so survey results on how many companies are ready for GDPR range from 40% to 98%. Regardless, companies that do not work to comply with the new rules soon are likely to face hefty fines. Company compliance teams need to work with data teams to ensure that all of the data collected has a purposeful use, was obtained with consent for every piece of information, and is transparent to consumers. It is relatively easy for large companies to hire a compliance officer, but it will be much harder for smaller businesses to do so. Any small company that controls data is much more at risk than bigger companies, and it needs to ensure that all data stored is kept on record and is kept lawfully, transparently, and purposefully.
GDPR at GoToDigital
GoToDigital is a data processor, so we have a large responsibility in maintaining the privacy of customers’ data that we store. We ensure that all information on every customer is received with full consent. We also use every customer’s data for a purposeful reason: to provide them with the services or goods that they need from quality providers. Since GoToDigital is a data processor, it is of utmost importance that we collect data in a lawful, purposeful, and transparent way, so that we may ensure our controller does not get in trouble for a breach of GDPR. GoToDigital has adapted to all of the laws that GDPR has updated, and we remain transparent with leads and clients, to ensure that every piece of data is collected with the individual’s rights in mind.