Your inbox may have recently been flooded with emails from various companies asking you to accept new “Terms of Service” updates. Or maybe you’ve just heard about the mysterious “GDPR” mandate that goes into effect today (Friday, May 25). But much of the information does a poor job describing the changes that are actually taking place. It’s important for your business to know what’s new in order to be compliant with the new regulation — because the legal ramifications could be steep.
What is the GDPR?
The European Union’s General Data Protection Regulation (GDPR) was passed in 2016 and aims to give Internet users more privacy and control over their personal data. Companies are now required to report data breaches within 72 hours. They also must allow users to access any private data gathered on them and find out how it’s being used.
Users even have what is called the “right to be forgotten,” allowing them to demand that companies remove certain personal information from the Internet. They even have the right to opt-out of sensitive data collection. The GDPR also broadens what they determine as “personal data,” including locations, browsing history, and IP addresses.
Personal Data
Personal data is considered anything that relates to identifiable information. In layman’s terms, it pertains to basic identity data, such as names, health, genetic info, IP addresses, encrypted data, and political affiliations. The GDPR requires organizations to get consent from users before storing and processing personal information.
What Does GDPR Mean for Your Business?
The GDPR brings about several new requirements for businesses. Even though it’s a European sanction, it still applies to U.S.-based companies. This includes all government agencies, businesses, non-profits, and individuals that access the data of people in the EU, or those that offer goods/services to people in the EU — even if it’s a free offer. If you’re not compliant, you could be hit with massive penalties, including a $24 million dollar fine, or docked 4% of your global turnover (whichever is greater).
To ensure compliancy, you need to take steps to adhere to the new changes. To start, you should keep meticulous records available for controllers and regulators; appoint a local representative; notify controllers as soon as possible when a breach of data occurs; and provide support to the user. Companies must also make their request for consent clear and straightforward.
View a more detailed compliance checklist and some useful information with this link.
Additionally, privacy rules must be shared across all lines of business. This ensures personal data can only be accessed by those with proper rights. Don’t fall behind on GDPR compliance so you can avoid fees and other issues that may come up down the line.
What Does it Mean for Users?
There’s not much to worry about on the user side at the moment. The responsibility mostly lies on companies themselves to react to the GDPR and get compliant as soon as possible. If you’ve been receiving notifications from companies like Google, Twitter and Instagram, or others, they are simply trying to get you to grant them consent. It is important to know the privacy responsibilities of these businesses. That way, you know when you are entitled to compensation for any damages resulting from an organization’s non-compliance.
The GDPR brings plenty of change for businesses and users alike. Make sure you stay up-to-date with the latest information about the GDPR, and know all the new requirements that should be made to avoid any penalties.
Need any more help or information? Contact us at businessbldrs.com/contact
