Until now, all we had to do was protect customer data under the Data Protection Act regulations, but matters are about to become a whole lot stricter. With the GDPR rule set to be in place by today, May 25th, businesses are under a lot of pressure to make sure their websites are compliant, and there could be serious consequences if they are not.
GDPR stands for General Data Protection Regulation, and means that EU companies collecting personal data about their customers need to follow a set of regulations to comply. The reason for the change in law is that the Data Protection Act (1998) is now outdated and has not kept pace with the growth of digital technology.
If your company sells to, or stores personal information about, its customers or audience, then the answer is yes. The regulation aims to protect people's personal data by giving them more control over who can store it, and gives them the reassurance that their information is stored securely. This information includes any personal data relating to a person, including their name, location details, email address, medical information, bank details, photos, computer IP address and social networking updates.
It is down to you (the business) to meet these new regulations, and it is very important that you follow the guidelines given, as all EU businesses are covered, no matter whether the data processing takes place in the EU or elsewhere. This new law puts the customer/consumer in control, meaning they should be able to make the decisions about where their data is stored and who can access it. It is recommended, therefore, that all companies that handle citizens' personal data should have a data protection officer to help them comply with the regulations.
The changes to the way you store personal data are not just recommendations; they do have consequences. In fact, you could actually end up having to pay a big fine for non-compliance. Less severe sanctions are also in place, including warnings; limited or lost access to data; a temporary or permanent ban on data processing; and suspension of data transfers to other countries.
There are many changes being made which will give people more control over their personal data, including:
You don't need to panic about the changes, but you do need to find time to check through your company data to ensure it meets the guidelines. This includes mapping your company's data, including what is stored and where; noting which data you need to keep and which you can delete; implementing security measures; reviewing privacy statements for things such as newsletters, which need to be an opt-in system rather than opt-out; and creating procedures to use when handling personal data.
For further information on GDPR and what actions you should take as a business owner, click here.