Hot on the heels of the EU Cookie law comes GDPR, the General Data Protection Regulation. The new law comes into force from the end of May 2018, so now is a good time to look at what’s involved and how it could affect your business.
Briefly, GDPR provides a method for website users to control the way their data is collected and used by the company that collects it. It’s therefore essential to understand how it works and, most importantly, the ramifications if you don’t adhere to the new law.
GDPR comes into force on the 25th May 2018 and is applicable to any business that deals with individuals in the EU regardless of their own location.
It has been suggested that fines of up to 4% of a company’s annual turnover could be enforced for non-compliance. It’s no surprise, then, that many companies have already begun preparing for GDPR.
For a full brief of what’s involved in GDPR, see the official EU website.
There are three elements to consider when it comes to GDPR:
• Right to Access. You will need to be completely transparent about how you collect and use a customer’s personal data, and why. Users must be able to request their data, with a 40-day turnaround time.
• Right to Be Forgotten. This covers a withdrawal of consent by the user and means you will need to completely erase any data you have stored.
• Data Portability. This will give the user an option to download their data and transfer it elsewhere.
Companies will have to have a procedure in place to notify any users of data breaches in a timely manner.
Complying with GDPR could be a time- and resource-heavy exercise for some companies, depending on their size and the type of data they collect. However, the fines for non-compliance mean it’s something that all businesses will have to allocate time to.