GDPR: What Does it Mean for Businesses?
As of 28th May 2018, a digital privacy regulation will be implemented. The General Data Protection Regulation or GDPR will standardise the various EU privacy legislations and form one set of legally binding regulations. It has been designed to protect users across the EU and will affect all businesses.
The GDPR cannot be opted out of and businesses that fail to comply by the deadline could face fines of up to €20 million.
To help ensure you’re prepared, here’s a quick overview of what GDPR means for your business and how to ensure you comply.
Why is GDPR being introduced?
The new legislation is based on the EU’s desire to put users first, protecting them from exploitation and helping to manage their personal data.
It will help to ensure all companies are held responsible for their actions and to prevent any exploitation of data moving forward.
Another driving force for the legislation to be introduced now is that existing EU data protection policy is still led by regulations that were introduced in 1980. This means that existing laws are outdated and don’t account for digital technology.
How will GDPR affect businesses?
The legislation will change the way businesses handle data and their policies towards using it. Here’s a simplified list of the aspects GDPR will affect:
- The ways personal data is being used will need to be documented
- Communication of any data breaches will need to be improved
- Privacy settings will need to be built into websites and any digital products
- The way businesses ask for permission to use data will need to be regulated
- Businesses will have to run privacy impact assessments
For a more in-depth look, IT company 5th Utility have created this handy guide to GDPR for Small/Medium Businesses.
How will GDPR affect marketing?
Consent now has to be actively sought. In other words, you can no longer just presume that past customers or leads will want to be contacted.
For example, a slightly hidden box that’s already pre-ticked will no longer be acceptable. Users will now have to actively take action to opt in to any future communications.
Right to be forgotten
This is a user’s right to remove their data from a system at any point. For example, if they no longer want to receive newsletters or monthly offers, they should, legally, be able to withdraw their data.
This means, simply, that businesses will have to ensure that users have the means to easily access and remove their data. A simple ‘unsubscribe’ button which links through to a page where they can remove their details will suffice.
How to prepare
Every business is different, so it’s important that you are thoroughly aware of how this will affect you specifically. There is plenty of information out there, but if you want a jargon-free, concise overview, check out this pocket guide, which breaks down the legislation and outlines the key requirements.