On May 25, new rules came into force, which means your business must ensure it complies.
But what exactly does the GDPR entail? Here is our guide to everything you need to know.
What is GDPR?
The General Data Protection Regulation, or the GDPR (or EU Regulation 2016/679, if you want to be official), is one of the most important and far-reaching laws adopted concerning technology and the Internet.
Approved by the European Union in April 2016 and in force in the UK from May 25, the GDPR is intended to consolidate several existing laws and regulations and harmonise decisions across the EU.
First of all, it replaces the British Data Protection Act 1984 and the EU Data Protection Directive, which originally came into force in 1995, with new guidelines better suited to a world dominated by modern technology.
The GDPR emphasises the privacy rights of ordinary users and the data they create on the Internet, and it will affect businesses of all sizes, since it governs how companies collect, store and handle that data.
Under the GDPR, companies will also need to clearly notify customers when their personal data is collected. Consent must be given explicitly, and companies will need to specify in detail the exact purpose for which customer data will be used.
This personal data should also be encrypted by default as part of a process known as pseudonymisation, meaning that it cannot be attributed to a specific person without additional information.
Personal data refers to a wide range of information - in fact, to everything that can be used to directly or indirectly identify a person on the Internet. This can be names, email addresses, images, bank details, messages on social networks, medical information, phone numbers or even the IP address of a computer.
Users will also have the right to know exactly what information about them is held by a company or organisation, and to request the removal of any of that information if they believe their privacy rights are being violated.
Companies that suffer a data leak, whether accidental or part of a cyber attack, will need to report the event to the appropriate authorities within 72 hours of its occurrence, although affected users do not have to be notified until that report has been made.
Who does the GDPR apply to?
Simply put, if your business offers goods or services to anyone living within the European Union, GDPR will apply to you.
This means that companies outside Europe will also need to make sure they comply with the rules, since they too can be fined if they are found not to meet the requirements.
If you have mailing lists for newsletters or promotions, and some of your potential customers are EU citizens, GDPR applies to you.
What do I need to do to be prepared for GDPR?
As mentioned above, if you deal with customers within the EU, you need to make sure that the way you collect, store and use their data complies with the GDPR.
First you need to determine exactly what data you currently hold and by what means you obtained it. Many organisations may not be aware of the enormous amount of information they hold about their customers, just as their customers may not know what information they have shared.
All data must be properly protected to keep it safe, so it is well worth introducing new policies that restrict access to the most valuable data to a few key team members.
You should also back up your data regularly, since under the GDPR customers can request an accurate copy of their information at any time.
If your business uses data processing techniques, you also need to appoint a data protection officer (DPO).
The DPO takes responsibility for much of the hard work involved in the GDPR, including compliance monitoring and data protection.
Finally, you need to make sure all your employees understand what the GDPR means. The rules are not just the prerogative of the IT department; they can affect everyone in your organisation.
What happens if you are not ready for GDPR?
The GDPR is a huge deal, and the penalties for non-compliance are significant.
Any organisation that fails to comply with the new rules after the May 25 deadline may face heavy fines of up to 4% of annual worldwide turnover or 20 million euros, whichever is greater.
It is still unclear exactly how the GDPR will be enforced and whether fines will be handed out to companies large and small alike, but for now the best course of action is to prepare as thoroughly as possible.