If you are on Facebook or any of the other social media platforms. You’ve probably received GDPR notifications by now outlining this policy. So, what does GDPR mean? It is the General Data Protection Regulation(GDPR) – Policy and Compliance that goes in effect on May 25, 2018. This policy is the legal framework for how personal information of individuals is collected and processed within the European Union(EU). The European Union is comprised of 28 member countries that share political and economic relations. The purpose is to create a more harmonious social, political and economic climate among the nations of Western Europe.
Some of the major changes include:
The territorial scope has been widened. Now GDPR applies to all companies and organizations, regardless of location in the EU or outside of EU, that process personal data of individuals in the EU.
A company or organization in breach of the GDPR can pay a hefty fine ranging from 2% if company records are not in compliance with article 28 or as high as 4% of annual global turnover for more serious infringements.
When requesting consent for an individuals personal information the terms and conditions must be clearly stated and understandable. It must be easy to consent, as well as withdraw consent.
“Right To Be Forgotten” refers to individuals having the right to have their data erased and cease the sharing of their data to third parties.
Privacy By Design has always been a requirement for many years, now it is a legal requirement with the GDPR. It simply means the protection of data must be incorporated and part of your business systems as opposed to an add on.
Individuals have the right to know how there personal information is being used, which includes actual personal data on file. This information must be electronically given at no cost if and when requested.
There are a few more major changes that will be going in effect on May 25, 2018. I recommend that you educate yourself as a business owner, which leads me to what you need to do now.
If your business collects personal information from customers via the Internet, then you want to ensure that you include data privacy and protection elements in your marketing.
Make sure you have policies, procedures, and systems in place for your staff. If you are not sure how to go about creating privacy policies and procedure, definitely engage someone that understands and can help you put it together.
The potential cost of not being in compliance definitely out ways the cost of being in compliance. This article is just a summary of some of the information As an IT Professional and a business owner it is important to educate myself so that I am able to support the businesses that I serve. For more information, you can visit the following sites.