These days everywhere you turn on the web, 25 May 2018 is being thrown in your face as if it’s some kind of doomsday. The General Data Protection Regulation (GDPR) is being updated and yes, there is a bit of a commotion for most companies to become GDPR-compliant by the deadline to safeguard all the personal data they possess.
Just to draw upon a little background, with the dawn of the World Wide Web in 1990, people have had more information than ever before at their fingertips. Fast forward 28 years and we have access to anything a person could possibly think of. We have made leaps and bounds in terms of technology and continue to make advancements every single day.
By contrast, our technology regulations have not kept pace with these advancements, particularly in how companies handle personal data.
And when does personal data become business data?
This is where the new GDPR comes in.
The new regulation is here to replace the 1995 EU Data Protection Directive. Suffice it to say, it’s been a while!
This one is all about transparency and it is not just going to affect companies in the European Union. It will affect every company that sells goods or services to EU customers as well.
And it will still apply to UK businesses after Brexit.
So, in light of this new government standardization, here are some things you need to know when it comes to GDPR.
The data that a company gains from their customers needs to be completely transparent.
You need to be able to show where your customers’ information is being stored and tell them how it is being used.
According to GDPR, a company must be able to show an audit trail of how every single customer’s information is being used within a month of being asked.
The same thing applies to removal requests or ‘erasure’ of personal data. Customers can also request a copy of all their data.
There needs to be a legitimate reason as to why information is being collected from a current or potential customer.
More importantly, without being asked, customers should be made aware of how their information will be used before they entrust you with their personal information.
With the new regulation, customers have the ability to ‘opt-in’ to companies using their data rather than ‘opting-out’.
Newsletter sign-ups are a great example of this as there’s usually a pre-checked option to ‘subscribe’ that the user has not consciously decided, even as they input their email address. From now on, such clever tactics will need to be revisited – absolutely no tricking the customer into ‘agreeing’ to receive a thousand emails from you unless they check that box themselves.
Moreover, this consent request needs to be elaborated upon in a separate page in clear words, unlike the terms and conditions page. Here you can elaborate on why you’re collecting this information, the extent to which this data will be used, when you collect data and when you delete it, and who that data will benefit. Customers need to give you consent for all of the above.
Under the new law, [email protected] is not business data any more because you can identify John Smith from this data. From now on, this will be considered personal data.
We are currently working to make all our clients’ websites GDPR-compliant in the few instances they are not already complying. If you have a website you’re concerned about in terms of GDPR, just get in touch using our contact form or give us a call.
Every business is responsible for their data and if you’re not sure you need to be GDPR compliant, it might be worthwhile to conduct a complete audit through your council.
It may sound like a lot but the new GDPR is a good thing for everyone – yes, even businesses. Especially businesses.
According to the UK Department of Culture’s 2017 survey, 70% of large UK companies have experienced some type of security breach in the past year.
With the new GDPR regulations, customers will feel more confident that their personal data is safe and is less likely to end up in the wrong hands.
For businesses, this will increase customer loyalty and brand trustworthiness, which will lead to an expansion in clientele and revenue growth in the long run.
In other words, it’s all good.