What is the GDPR?

The GDPR is nothing to fear if you are compliant with the new rules and regulations. On May 25, 2018, the General Data Protection Regulation (GDPR) will come into action, resulting in a change in how companies collect and utilize their data warehouses. A question a lot of businesses will start to ask is ‘How does it affect our organisation?’ or ‘But we’re already compliant’. Before you assume you are out of the danger zone, note that it will apply to all companies selling to and storing personal information about consumers in Europe, including those on other continents. The new regulation is to protect consumers of the EU and EEA, giving them greater control over their personal data and assurance that their information is being handled securely.

What is personal data?

Personal data is anything related to a person, such as a name, a photograph, an email address, bank details, updates on social media websites or even an IP address. Under the GDPR, consumers have 8 different rights.
- The right to access any data, and how it is being used by a company.
- The right to be forgotten if the consumer is no longer a customer or if they withdraw their consent from the company.
- Users have the right to transfer their data from one provider to another, and it must happen in an easily readable format.
- Customers must be informed if their data is being gathered. Consumers must opt in for their data to be gathered, and consent must be freely given and not implied.
- The right to have information corrected – this allows individuals to have their data updated if it is out of date.
- Individuals can request that their data is not used for processing. This means that their data can be stored but cannot be used.
- The right to object – this gives the individual the right to stop the processing of their data for direct marketing.
- The right to be notified. If there is a breach of data, the individual has the right to be notified within 72 hours.
Are you privacy by design or privacy by default?

Privacy by design is self-explanatory: organizations need to consider the customer’s privacy in the design phases and throughout the development of new products, processes or services that involve any personal data. Privacy by default means a system or service includes a set of choices for the individual on how much data they want to share with the company, and the default settings should be the most privacy-friendly ones. Both privacy features require employees, especially those involved with the implementation of new products or services, to have enough basic knowledge of consumer privacy. To help you with the implementation of the new GDPR, we have written several rules and regulations for your organization to follow.

How your company can prepare for the GDPR
- Map your company’s data
- Determine what data you need to keep
- Put security measures in place
- Review your documentation
- Establish procedures for handling data
- Appoint a data protection officer