If you’re wondering what does GDPR stand for, we share all of the details about the General Data Protection Regulation (GDPR) and why it should matter to you.
One thing you might have noticed in the last few weeks is an unusually high number of companies sharing details about their Privacy Policy and Terms and Conditions web pages. This is as a result of a new regulation in the EU called GDPR.
While bloggers and businesses alike are talking about the changes GDPR is making on the internet, many are wondering what it is, and what impact it’ll have on them and their business.
If you’ve been wondering what GDPR stands for and what changes it’s going to mean for you and your business, then you’re in the right place.
Rather than feeling overwhelmed by all the information out there, we have put together this article to help you understand exactly what GDPR is, and why it should matter to you and your business.
We share all of the important information about the General Data Protection Regulation in this article so you can gain a better understanding of it, for your business.
What is the GDPR?
The GDPR or the General Data Protection Regulation is a law which is set to replace the rather dated 1995 Data Protection Directive.
Adopted on April 14th, 2016, the GDPR comes into force this month. This brand new policy gives consumers total control of their data and will affect companies who are in the European Union but also will affect those that have operations and customers there too.
Some of you may not be aware of this new legislation, but you should pay attention. If any aspect of your business is offering goods or services to people within the European Union or monitors the behavior of them, you’ll need to comply.
With a total population of 505 million people living in the EU, that’s a lot of potential customers that your business could be reaching, and needs to be compliant with this new law.
When Do You Need To Take Action By?
Enforcement of the GDPR is only a few weeks away, although adopted on April 14th, 2016, the policy goes live on May 25th, 2018.
This means if you aren’t compliant by this date you could be breaking the law and fined accordingly.
What Does This Mean For Your Business?
One of the big focuses of the GDPR is under the conditions of consent online. Companies will not be able to use confusing or vague language to get you to agree to give them your data.
You’ll also not be able to bundle together consent for different things together. This means that if you have somebody on an email list for one product, under this new policy, you wouldn’t be able to email them about a new unrelated product, without their express permission.
That means also you will have to have individual consent forms for different pieces of information; you can’t have one opt-in form which says you’re giving consent to lots of different things. You’ll need to have individual consent for each of them.
Consent also needs to be easy to withdraw from the individual.
It’s also required under the new rules to let the data protection authorities know of any data breaches within 72 hours of it happening.
With user data, the customer is going to have more control. This means they’ll be able to access the personal data that’s stored by companies and find out where, and why you’re using it.
The GDPR also gives users the right to have their data forgotten. This means you can ask whoever is controlling your data to erase it and stop third parties from accessing it.
What Are The Consequences of Not Taking Action?
There are a lot of mistakes you can make re-designing a website. Make sure GDPR isn’t one of them.
There are some serious punishments for your business if you don’t commit to the GDPR laws. An organization that breaches GDPR laws will face fines of up to 4% of annual global turnover or 20 million euros, whichever is greater.
That means some of the world’s biggest technology companies can face some devastating fines if they don’t take your data seriously.
For smaller firms, a breach in GDPR could mean potentially huge fines which could put you out of business. It’s clear these policies and the large fines are in place to make large tech firms like Facebook and Google take note.
But it’s not clear yet how much action the data protection authorities will take on smaller individuals not complying.
The best advice is to avoid a potentially huge fine and remain compliant.
What Do You Need To Do to Be Compliant?
The GDPR has given some clear guidelines on its website on how to remain compliant for when the GDPR takes force.
We recommend reading through the official information clearly and thoroughly to make sure you remain compliant.
Here are some of the tips we recommend to become compliant with your company.
Understand GDPR is Moving Away From Tickbox Compliance
Changes under the GDPR are moving companies away from simple, “tick this box to agree to everything.” The focus now is on the security and privacy of your user’s data.
The ‘Personal Data’ Definition Has Widened
The definition of ‘personal data’ has widened massively. This means that it now explicitly includes online identifiers such as IP addresses and mobile device identity.
Remove Active Opt-In’s
If your website has invited a user to a subscribe tick-box that is pre-checked, this will be in breach of GDPR rules. You need to make sure these forms default to an un-ticked box.
Separate Opt-In Boxes
If you are asking a user for permission to opt-in, you will require two separate opt-in boxes for different requirements. For example, one opt-in may be for your email list, and the other may be to pass their details onto third parties.
Easy to Withdraw Permissions
Your permissions that a user is agreeing to need to be easy to remove. It has to be as easy to remove consent as it was to grant it.
This means you should make it easy to remove consent from emails or opt-out of specific lists.
Are You Ready For The GDPR?
You probably have a good understanding of what GDPR is and some steps your company should take to act. Before taking any action, we recommend you consult with your lawyer or legal advisor. With their advice, you’ll know if GDPR is a liability for your business or whether you can sit this one out.