The new General Data Protection Regulation (GDPR) came into force on the 25th May 2018. If an organisation is found to be non-compliant on or after this date, it will face legal action. Organisations can be fined up to 4% of annual global turnover, or €20 Million (whichever is greater). This new legislation replaces the existing 1995 Data Protection Directive 95/46/EC. Our data-driven world has changed enormously since 1995, so a more up-to-date regulation was inevitable.
The impact on businesses will be huge and it will permanently change the way that personal data is collected, stored and used.
What is GDPR designed to do?
GDPR is “…designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations approach data privacy.”
What is Personal Data?
Personal data is any information relating to a person (the ‘Data Subject’) that can be used to identify that person, including a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Increased Territorial Scope
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU.
Organisations failing to prove compliance with GDPR can be fined up to 4% of annual turnover, or €20 million (whichever is greater). A tiered approach to fines will be taken, so that the fining process is fair and open.
Consent must be requested in a clear, intelligible and accessible form. The language used must be plain and clear for people to understand, and withdrawing consent must be as simple as giving it. People must be able to withdraw consent at any time.
How Can Teknet Help?
- Ensuring websites are encrypted and secure with an SSL Certificate
- User profile ‘pseudonymisation’
- Newsletter subscription – users must now opt in to newsletters
- All contact forms must have a consent to opt in option
- Disclaimer/consent must be added to the checkout process
- Adding a disclaimer to live chat facilities
- Adding a disclaimer to forums or message boards
- Adding a page where users can request access to their personal data
It’s In Your Hands
Teknet will guarantee that your website conforms to all GDPR obligations. Nevertheless, there are still tasks you must carry out to ensure that your organisation is 100% GDPR compliant.
Make sure that your organisation has a data breach process in place. Data breaches must be reported within 72 hours. In addition, organisations that process data on a significant scale are expected to appoint a Data Protection Officer (DPO), although Teknet recommends appointing a DPO regardless of the size of your organisation.
A Final Thought
The impending GDPR legislation is a concern for all businesses, regardless of their size or power. Thanks to GDPR, the general public will no longer be quite so vulnerable in the vast and threatening cyber world. The changes being introduced with GDPR will influence your entire business and its processes. The Information Commissioner’s PDF Guide is a great source of reference, helping organisations understand and implement GDPR compliance.
The GDPR legislation will change the way your entire business is run. With regards to your website and digital marketing, we are happy to help. Contact us today for more information on becoming GDPR friendly, and let’s ride the waves of change together.