GDPR: What is it and how will these new EU regulations coming into force on May 25th 2018 affect your business?
The General Data Protection Regulation (GDPR) will replace all the existing data protection laws across Europe and shape the way in which companies handle, protect and profit from data.
GDPR will affect the whole of the EU Zone, which currently spans 28 member countries and half a billion citizens.
Its goal is to unify data protection across the European Union, but because GDPR applies to individuals within the EU or the European Economic Area (EEA), companies outside these zones will still have to meet the standards if they want to continue using data from customers in the EU.
But what will it actually change?
Access
We will be able to request access to our personal data and find out what it is used for after a company comes into possession of it.
Right to be forgotten
Your consumers will be able to request that your business not only delete their personal data, but also not share it with third parties.
Data Protection Officers (DPO)
Anyone holding or processing personal data will have to appoint a DPO (although that person can be a member of the organisation’s existing staff).
The DPO should be the head of the data privacy governance structure, liaise with the supervisory authority (the Information Commissioner’s Office for US businesses) and report directly to leadership.
Consent
Your consumers must be notified that you will be gathering their personal data. They will have to opt in for their data to be gathered, and consent must be freely given rather than implied.
Data processing registries will become mandatory
This means your business will need to keep a written (electronic) record of personal data processing activities, capturing the lifecycle of the data and the name and contact details of the data controller.