Do you know what your responsibilities are under the GDPR?
The General Data Protection Regulation (GDPR) will finally come into effect on May 25 2018. That means you’ve still got a few months left to adjust your business to the new framework for EU data protection that was created way back in April 2016.
This is one of the most important changes to data protection there has ever been, and it gives people in the EU more control over what happens with their personal data. We all know that businesses, big or small, are always responsible for customer data and for protecting sensitive information.
With the GDPR, this is an obligation that is more important now than ever before.
There’s no way your business can ignore it or not take your responsibilities seriously. This data protection framework will introduce stricter and tougher regulations than before, which means bigger fines and more punishment for businesses that don’t comply with it.
Now you can face millions of dollars in fines, or as much as four percent of your annual turnover, as punishment.
For a lot of businesses, there’s even a risk of insolvency when it’s combined with the possibility that customers can individually sue you for data protection breaches.
Naturally, businesses view the GDPR as a burden and something that’s complicated and going to make their life more difficult. But, you can actually use it to your advantage.
If you make it obvious to your customers that you’re compliant and following these new rules to protect their data, you might actually bring in more customers and be seen as trustworthy.
Of course, you might be thinking that the GDPR doesn’t apply to you because your business isn’t in Europe. But these regulations will apply to data controllers and processors outside the EU if you offer goods or services within the EU and process EU citizens’ personal data.
With the internet and online businesses, this means an ever-increasing number of international businesses will be governed by the GDPR. So, you’ll likely need a representative for your business in the EU.
With the introduction of the GDPR looming on the horizon, it’s time to get your company ready. Let’s find out about the key changes that will be introduced by the new GDPR legislation so that you can make sure that your business fulfills its obligations.
Under the GDPR, it’s now going to be a mandatory obligation to appoint a data protection officer for your business in certain circumstances.
These include if you are a public authority, if your core activities include regular monitoring of data subjects, or if you process large amounts of data.
This will mean that you’ll need to hire a data protection officer who has the knowledge and experience to ensure that all personal data is secure and collected properly. If you already have someone who can fulfill this duty, you can simply promote them instead of hiring someone new.
Right now, it’s easy to hide consent away in the small print. But the GDPR introduces a stricter definition of consent, which means that it now must be clear to customers – and inactivity no longer counts as consent either.
The consent has got to be informed and freely given by your customers, which means you may need to make changes to your website or documentation going forward.
The GDPR is all about putting customers first and making sure their personal data is looked after. Under the new regulations, you’ve got to make sure that personal information is given to customers free of charge – you can no longer charge for it – and it’s got to be delivered within one month.
Customers will have the right to see all of the information you have about them and will have more control over what happens to it.
This also means that customers can ask to have their personal data erased in certain circumstances. For example, this may be when consent has been withdrawn or it’s no longer necessary to keep it.
If you fall short of the regulations in the GDPR, the worst thing you can do is ignore the problem and hope it goes away.
There’s now a rule that you must report breaches within 72 hours. That’s why it’s important to make sure that all of your employees know the processes and ways they can see if anything has gone wrong with data protection.
It should be made clear to all employees that they must report any mistakes or problems they come across promptly, so that the business can meet the 72-hour deadline and avoid serious punishment.
The GDPR makes businesses more accountable for data protection. This means that you’ll have a lot more processes to introduce to show that you’re compliant with all of the regulations.
This includes keeping certain documentation, completing data protection impact assessments, and introducing data protection policies in the office.
Now is the time to get your employees up to speed and offer training to get everyone on the same page in preparation for the GDPR. With big fines and tough punishments, it’s important that you follow all of the regulations closely.
These are only some of the changes that the GDPR introduces – you’ll find there are lots of other rules and regulations that you’ve got to follow too.
Don’t panic – you’ve still got time to prepare and train your employees to ensure you know all the regulations before it comes into effect on May 25 2018.