Don’t Fear The GDPR: What is it and How Does it Affect You?
If you’ve been keeping up with all the frightening headlines in the business pages, you’re probably aware of the doomsday forecasting that is the 25th of May 2018. The GDPR (General Data Protection Regulation) deadline is closing in with Brexit-like gloom, but what exactly is it and should you be worried about it?
In the light of recent cyberattacks, such as the hacking of the Musgrave Group last October, it has never been more important for businesses to protect their data. The GDPR is a new set of regulations that will change the way businesses handle and process the data of individuals from the EU, shifting control in favour of the customer.
The new directives proposed by the EU are intended to protect the privacy of individuals and to instruct organizations on best practice regarding the collection, processing, and indexing of personal data.
So, if you’re a business owner, this means that you must obtain express consent from an individual before you gather and use their data, and you must make sure that the data is kept safe. Sounds a bit like common sense, doesn’t it?
But even though it may sound like common sense, failure to comply with the new regulations may result in fines of up to €2 million, or 4% of your annual revenue - whichever is higher. Now we’ll admit, that’s pretty scary.
From May 25th 2018, all organizations handling the data of EU citizens should ensure that:
· Data has been collected with express consent from the individual.
· The individual has been told exactly how their information will be used.
· The individual has given consent for their data to be used as such.
· The individual understands that they have the right to withhold consent without losing access to services offered by the organization.
· The individual understands that they have the right to access the data collected about them.
· The individual understands that they have the right to request that their data be removed from the database.
· The security software used to protect data is performing to a high standard.
· The organization has appointed a data protection officer to ensure compliance with the directives of the GDPR.
· Should a data breach occur, all individuals catalogued in a database are notified immediately. The data breach must also be reported to the Supervisory Authority.
If those bullet points seemed a little overwhelming, there’s a much easier way of looking at it. You and your business will be safe from those hefty fines as long as you stick to four very simple and elementary rules:
1. Make sure your customer knows everything you know about them.
2. Make sure your customer knows their rights.
3. Make sure your database is safe.
4. Make sure you know what to do if there is a breach.
In short, as a business owner, you are being asked to take extra care with how you handle your customers’ information. And that’s a directive that shouldn’t scare you at all.