I’m sure you’ve all seen the term GDPR (General Data Protection Regulation) mentioned quite a lot of late, but have you had a chance to understand how it affects your brand? Well, here’s your chance.
We’ve recently hosted a webinar on this very subject, so if you’d prefer to watch this, here’s the link.
What does it mean?
On the 25th May 2018 GDPR (General Data Protection Regulation) will be enforced. It has been put in place to protect customers and to give them greater power over the data that businesses hold on them. Many businesses collect customer data for monetary gain and this new law will help put a stop to this.
With security threats and breaches occurring all too frequently, it will require all businesses to handle customer data extremely carefully and to be seen to be doing all they can to stop data breaches and cyber-attacks on their network.
Ian Moyse, Industry Cloud leader & Non Exec director of a GDPR training Organisation, states that ‘directors of companies are going to be liable for GDPR’. Failing to comply and meet the standards of this new law will mean fines of up to €20 million or 4% of last year’s turnover, whichever is greater. A scary thought, I know!
Will it affect me?
General Data Protection Regulation is the most significant law that has been enforced over the last 20 years, and will affect every business, big or small, across 28 countries in Europe as well as anywhere else that handles personal data on EU residents. If you come under this, it’s time to take the necessary action to stop non-compliant data activity occurring in your business and exposing you to the crippling fines.
There are various elements Ian Moyse mentions within this webinar which I believe you will find particularly valuable.
- 72 hours to notify of a breach: If you feel your business has experienced a data leak, with unintended individuals gaining access to the personal information you hold on users, under the new GDPR legislation you will have 72 hours to notify the regional office of this breach. Failing to do this could cause your business to receive the maximum fine of €20 million or 4% of last year’s turnover, whichever is greater.
- Users can ask what data you hold on them: GDPR is on the side of the individuals you hold data on, so following this new legislation, individuals will have 30 days to request what data you hold on them. This means you will need to have a system in place to quickly find and remove this data everywhere as and when required.
- Individuals can remove consent at any time: Everyone has the right to request that they are removed from your database. Do you currently have the capability to remove this data everywhere quickly and efficiently? Processes like this will need to be put in place to manage this transition effectively.
- Opt out of web cookies? You will have to give visitors the right to reject cookies even after they have agreed to them.
- Users can claim compensation: Once a breach has occurred, the commission’s office will notify all customers affected. From this, users affected have the right to claim compensation for their data loss.
- Opt in to all email content: Gone are the days when you could send recipients an email which contains a range of content. Under this law you will have to be explicit about the type of content they will be receiving, and they will have to opt into all of it before you have the right to send them anything. Failing to do this will mean you’re in breach.
Our biggest advice to you when tackling this mountain of a task is to seek professional advice and attend an accredited training program. This will ensure you are geared up to tackle this hefty task effectively. And I wouldn’t leave it long, as there will probably be lots you will have to re-evaluate.