Ready to hit the GDPR panic button?
You’ve heard about the GDPR, but have you taken time to consider how it may impact your business? Do you know what, if anything, you need to do?
If you answered ‘no’, then you’re not alone.
The GDPR is now law, and business owners around the world should take time to consider its impact. For those who’ve been too busy to deal with it until now, here’s a quick guide to get you up to speed with the GDPR.
GDPR: the essentials
What is the GDPR?
The GDPR, or General Data Protection Regulation, is the new European Union (EU) legislation that aims to protect the “fundamental rights and freedoms” of people, and “in particular their right to the protection of personal data”.
I’m based outside the EU, why should I care?
The GDPR applies to all controllers and processors of EU citizens’ data – regardless of location. It applies to any business that even monitors the behavior of EU citizens.
What can I be penalized for?
> Failing to process personal data lawfully, fairly and in a transparent manner (including failing to obtain consent)
> Failing to delete personal data at the request of a person who doesn’t want their data processed anymore (where there is no legitimate reason for a data controller to keep it)
> Collecting personal data for purposes that are not specified, explicit, and legitimate
> Keeping personal data that is not up-to-date (in certain circumstances)
> Processing personal data in a manner that does not ensure its appropriate security
What are the penalties?
There is a tiered approach to fines, with breaches at the most serious end of the spectrum attracting severe penalties – up to 4% of annual growth or €20 million, whichever is greater. Ouch.
GDPR compliance calendar
Start by working out whether the GDPR applies to your business. Do you have an office in the EU, allow EU customers to order from your website, mention customers or users in the EU, or track the data of EU citizens? If the answer to any of these is ‘yes’, keep reading.
Examine and document the ways you collect and store personal data. Compare your processes and policies around the collection of personal data with the GDPR’s provisions. This will help you identify any gaps or necessary changes.
Do you outsource your IT? Use cloud software to process data? Back up your website with an overseas company? Your third- and fourth-party suppliers should also be GDPR-compliant to reduce your risks. Check whether these parties are compliant – and if they’re not, what they’re doing to become so.
Now, let’s take a breath – you’ve done the groundwork. You know whether the GDPR applies to your business and, if so, the risks you need to keep in mind and the changes that are required.
Looking forward, it’s time to introduce a thorough GDPR audit and compliance program. Ensure you have the right people on board to execute the program, and investigate technology solutions that can help ease your GDPR worries. Form a plan around your program to help your business stay aligned with the new requirements.