Stay on the right side of the law with this beginner's guide to GDPR
With GDPR looming just around the corner, we take a look at what's expected from businesses to stay compliant and avoid those hefty fines.
What is GDPR?
The General Data Protection Regulation (GDPR) is being introduced to make data privacy law across Europe more consistent and comes into effect on 25th May 2018. It is crucial for any business that handles the personal data of people in the EU to understand it, and there are large fines for those that don't comply. Website owners need to act now.
Why the new regulation?
GDPR actually replaces the existing 'Data Protection Directive 95/46/EC’ and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organisations across Europe approach data privacy.
What if I don’t comply?
The new regulation enforces far greater penalties on businesses that do not comply. There is a two-tier approach: less serious infringements (for example failing to keep records of processing or to notify a breach) can be fined up to €10 million or 2% of annual worldwide turnover. For the most serious infringements, such as breaching the basic principles of processing or the rights of data subjects, the maximum is:
- A fine of 4% of your annual worldwide turnover
- Or up to €20 million, whichever is higher.
Ignoring this initiative is not an option: each EU member state has a supervisory authority that enforces GDPR, investigates complaints, can audit your processing and can issue these fines.
How do I become GDPR compliant?
It’s a good question.
You'll want to conduct an audit of the personal data you hold on your customers: how are you collecting it, on what lawful basis, where are you storing it, how long are you keeping it for, who has access to it, and how well is it secured?
Where you rely on consent, the request for it must be clear and distinguishable from other matters and written in clear and plain language. You must also make it as easy to withdraw consent as it was to give it, and customers must be able to request access to their data.
Officially, the regulation outlines a number of components:
Breach Notification
Under the GDPR you must notify your supervisory authority of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. Where the breach is likely to result in a high risk to them, you must also tell the affected customers without undue delay.
Right to Access
Your customers have the right to know whether their personal data is being processed, where and for what purpose, and to obtain a copy of that data free of charge, in a commonly used electronic form where they make the request electronically.
Right to be Forgotten
Also known as 'Data Erasure', the right to be forgotten entitles your customers to have their personal data erased when, for example, it is no longer needed for the purpose it was collected for or they withdraw their consent. This means stopping any further processing and, where you have passed the data on to third parties, telling them that erasure has been requested.
Data Portability
GDPR introduces data portability: the right for customers to receive the personal data they have given you in a structured, commonly used and machine-readable format, and to pass that data on to another controller.
Privacy by Design
GDPR requires data privacy to be considered from the outset, rather than as an addition or afterthought. For example, all our digital projects include a stage in development where we review how we are collecting, storing and processing personal information to ensure you are fully compliant.
Data Protection Officers
It's important to have someone in your business who is responsible for looking after personal data, ensuring it is stored, processed and secured in the right way and ultimately keeping you compliant. A formal Data Protection Officer is mandatory for public authorities and for organisations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data; even where it is not mandatory, someone should own this responsibility.
How can REDBOT help?
Becoming GDPR compliant may seem complicated, but a lot of the regulation is common sense. You must take your customers' data seriously, otherwise you could be in for a hefty fine and some bad press. We can help in a number of ways, including:
- Conducting an audit of how you collect data
- Reviewing how you store data
- Creating a plan to help you stay GDPR compliant
- Developing tools to help you manage your customers' data more efficiently
- General advice and guidance
Take action now!
Get in touch to see how we can help your business stay GDPR compliant.
Call 0118 206 2910
Drop in for a coffee at 9 Greyfriars Road, Reading, RG1 1NU.