What is GDPR and how it affects you?

On May 25^th, 2018 the Data Protection law changed

From May 25^TH 2018 EU countries implemented a brand new data protection law clamping down on what can be seen by businesses in regards to consumer’s private data. This law is called the General Data Protection Regulation or GDPR. The GDPR will be what representatives in the EU have called, ‘ the most important change in data privacy regulation in 20 years.’ Although this will be an EU law, Britain has ensured to redraft their Data Protection Bill, so that after Brexit, the new law is closely in line with the GDPR.

Objectives of the GDPR

The GDPR is working with two objectives in mind. Firstly to give consumers back control of the personal information they choose to put online. Secondly, to simplify the regulatory environment. As everyone will be required to follow a single set of laws, it will be harder for organisations to evade following them. The GDPR has been introduced to encourage stronger data protection across Europe, a regulation that is sorely needed after the Facebook data breach which happened earlier this month. It is believed that around 1 million UK users had their data leaked, therefore, hopefully, the new law will prevent this occurring again.

Impact on businesses

As a business, you may be concerned about what this means. Whether you are a small or large business, it is essential that you stay on top of new regulations. Every company, regardless of size, will have to comply regarding the secure collection and storage of personal information. Furthermore, should these regulations be violated, fines will be issued. This not only emphasizes the severity of the law but a hefty fine could be detrimental to smaller businesses.

The area where GDPR will affect your business the greatest will be on your own website or database. Social platforms used by your brand will remain unaffected. It is up to those Social platforms to inform their users of changes to their terms and conditions. In regards to your own platforms, however, you will be held accountable. The Information Commissioner’s Office has released twelve steps your business can take to limit data violations and ensure you are ready for the implementation.

12 step preparation

1. Make sure key decision-makers are aware of the implementation of the GDPR
2. Document what personal information you currently hold in your company database
3. Review your current data protection regulation and see what changes will need to be made
4. Check how the GDPR will affect individuals as well as businesses
5. Update access requests within the timescale
6. Identify what information you will still be allowed access to
7. Review how your business will obtain consent after the GDPR and refresh current consent regulations
8. If your business is dealing with minors, verify how you need to obtain consent and if this needs to be from a parent or guardian
9. If your business does have data breaches, what steps you will need to take to prevent or rectify this
10. Gain a full understanding of the GDPR and its guidelines so that you know when to implement them within your organisation
11. Designate someone within the organisation to take responsibility for data protection and consider whether this needs to be formally recognised
12. If your business is international or you carry out cross-border processing, determine your data protection authority.

Preparation is key

Being aware of the impact, knowing what information you will no longer be able to access and communicating opt-in procedures are all included. Furthermore, understanding the law and what to do if there is a data breach within the organisation. Marketing companies are offering GDPR audits to ensure that your company, irrespective of size, is following the correct procedure.

It is essential that you are prepared for the implementation in May, data protection is an area that will need careful monitoring and updating. Once the GDPR is here, it is here to stay, and unlike previous Data Protection laws, this will be the strictest one to date.