GDPR is here! Are you ready? If not take action now!

Before now, all we had to do was protect customer data using the Data Protection Act regulations, but matters are about to become a whole lot stricter. With the GDPR rule set to be in place by today, May 25th, businesses are under a lot of pressure to make sure their websites are compliant – and there could be serious consequences if they are not.

First things first – what is GDPR?

GDPR stands for General Data Protection Regulation, and means that EU companies collecting personal data of their customers need to follow a set of regulations to comply. The reason for the change in law is that the Data Protection Act (1998) is now outdated and isn’t up to speed with the increase in digital technology.

Does it affect you?

If you’re a company that is selling to or storing personal information about your customers or audience – then the answer is yes. The regulation aims to protect people’s personal data by giving them more control over who can store it, and gives them the reassurance that their information is stored securely. This information includes any personal data related to a person including their name, location details, email address, medical information, bank details, photos, computer IP address and social networking updates.

It is down to you (the business) to meet these new regulations, and it is very important that you follow the guidelines given, as all EU businesses are involved, no matter whether the data processing takes place in the EU or elsewhere. This new law puts the customer/consumer in control, meaning they should be able to make the decisions about where their data is stored and who can access it. It is recommended, therefore, that all companies who are exposed to personal data of citizens should have a data protection officer to help them comply with regulations.

Find out how GDPR will affect you by taking this quiz.

What happens if you don’t comply?

The changes to the way you store personal data are not just recommendations; they do have consequences. In fact, you could actually end up having to pay a big fine for non-compliance. Less severe sanctions are also in place, including warnings; limited access to, or loss of access to, data; a temporary or permanent ban on data processing; and suspension of data transfers to other countries.

What rights does GDPR give individuals?

There are many changes being made which will give people more control over their personal data, including:

  • Having to be informed – this means that a company is not allowed to gather any personal data on an individual without informing them first. Customers therefore have to opt in for their data to be collected rather than opt out.
  • Request access – if an individual wants access to their data or to see how it is being used, they have the right to request a copy of the data, in electronic format if needed.
  • Objection – this includes the right to decline, or to stop the processing of their data. This means that data processing must stop as soon as is requested by an individual.
  • Have data deleted – if a person no longer wants their information to be stored, they have the right to request that it is deleted.
  • Restrict processing – this means that a company can store a person’s data with permission, but they don’t have the right to process it without further permission.

What do you need to do?

You don’t need to panic about the changes, but you do need to find time to check through your company data to ensure it meets guidelines. This includes mapping your company’s data, including what is stored and where; making a note of which data you need to keep and which you can delete; implementing security measures; reviewing privacy statements for things such as newsletters, which need to be an opt-in system rather than opt-out; and creating procedures to use when handling personal data.

For further information on GDPR and what actions you should take as a business owner, click here.