On May 25th, your business will need to comply with the General Data Protection Regulation (GDPR). This regulation was approved by the EU Parliament in April 2016 and will be enforced beginning May 25, 2018.
It will affect companies worldwide that store or process the data of people who live or do business in the European Union. The intent is to protect the data privacy of EU citizens and create consistent data privacy laws across Europe.
Your organization should assign responsibility to someone who can read the GDPR provisions and familiarize themselves with the requirements and how they pertain to your business.
Here are the highlights:
- Regardless of where your company is located, you are still required to comply with the regulation.
- Individuals may request and receive their personal data at any time.
- The right to ‘be forgotten’ allows contacts to request that their personal data be erased, that all communications cease and that their data no longer be processed by third parties.
- There are strict parameters for obtaining consent, which require clear, easy-to-understand and easily accessible forms. Withdrawing consent must be just as easy.
- Non-compliance penalties apply to controllers and processors. A breach of the regulation can cost a maximum fine of 4% of annual turnover or up to 20 million pounds (whichever is greater).
Here's how you can prepare.
- Assess your organization | Review the requirements of GDPR and be sure to update decision-makers about the changes to be made.
- Information audit | Take an audit of the personal data you collect and store, where it came from and who you share it with.
- Update your privacy notices | Update how you communicate with your customers and explain how you will use the personal data you collect.
- Data portability | Consider how your systems will handle an individual’s request to get their data in a commonly used, readable format.
- Access requests | Verify that you can handle data access requests within 30 days.
- Consent | Review consent instructions provided by the Information Commissioner’s Office on how you seek, record and manage consent.
For more information, visit https://ec.europa.eu/info/law/law-topic/data-protection_en.