data protection GDPR

Yeah, yeah, yeah, we know you’ve heard all about the GDPR, or General Data Protection Regulation, over the past couple of weeks, but if you think you can forget about it now that it’s not in the news, think again. Implementation of penalties for not following the new regulations is just rolling out.

While the data protection laws have been signed in the EU, the repercussions of those new rules are worldwide. Back in 2016 the decision was made to pass the GDPR, which gives EU citizens extra protection when it comes to their personal data.

The regulations will allow these citizens to request their information be deleted, changed if wrong, and even be delivered to them in a portable form. Companies will need to be completely transparent in what data they have and how they are using it.

This is where things become really chaotic when you’re talking about a business network where gathering as much information as you can on consumers, even if it’s irrelevant, has been the name of the game. Half the problem for many companies will be creating a cohesive system that stores this data efficiently and makes it easily accessible when people request that their information be delivered, changed, or deleted. Having a person request their information be deleted gets a lot more complicated if you don’t know where that data is living and in how many places.

You might have an email platform that stores a customer’s data, but you’ve also uploaded it to Facebook for an ad campaign targeting like-minded people. Regardless of where the data is, you have to be able to control it, edit it, or delete it.

Any business that has a web presence needs to look into their consumer base. If you sell services or goods to any citizen of the EU, you must be compliant with these laws since you need to gather their information for the transaction. “The GDPR regulations only affect websites that intend to offer goods or services to EU residents or if that website processes the data specifically for the purpose of monitoring residents’ behavior.” – Peter at Roundpeg.

This is a very new set of rules that is going to take time to fall into place. At the moment, it’s not clear how severe the specific penalties will be for failing to comply, and there will be a trial-and-error period as the regulators decide what is most effective.

What you need to do (if you are a company this applies to):

  • Understand what information you have on consumers and where that information is stored.
  • Know exactly how you’re using it and be prepared to explain that to the public.
  • Create a system where you can efficiently access the information you have on individuals in order to edit, delete, or export it to that person.
  • Create a system/designate a person responsible for fielding requests to edit, delete, or receive the information.
  • Update your privacy policy to reflect these changes and make it readily available to the public.

To see these regulations in their full form click here.

Sources:

https://gdpr-info.eu/

Roundpeg Article: GDPR Help for U.S. Businesses