Unless you have been living under a rock for the last 6 months, most business owners have at least heard of the new EU data protection regulation. We have actually had 2 years to prepare. The deadline to comply is fast approaching: at the time of writing, we have just over a month until May 25th. Many are still confused about what they need to do, or see it as a new barrier to running their business effectively.
At its core, the new legislation is about ensuring we respect the personal data that our clients and customers entrust to us. As a consumer, I like to think that I won’t be spammed with unwanted marketing and adverts. I want to be sure my data is kept secure and not handed over to third parties without my permission or knowledge.
As a business owner, I need to be able to run my business effectively and efficiently in what is always a challenging and competitive marketplace. Sometimes it feels that the needs of the business and the consumer are in constant conflict as rights and regulations evolve.
I don’t believe it has to be that way. Being transparent and open can be a strong marketing tool. As consumers get savvier in protecting their personal data, businesses that are transparent and treat their customers with respect will gain more customers than those who try to skirt the letter of the law.
According to Article 4, “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) …”
This can include name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people.
As always when I discuss this area, I will emphasise that I am not a legal expert, and if you are unsure, getting legal advice is always a good idea.
The first thing to note is that this is a regulation, not a directive, which means you are lawfully required to put it into practice for your business if you deal with personal data of those who reside within the EU.
GDPR is based on six main principles.
Fundamentally you are ensuring:
For more detail, check out the Information Commissioner’s Office website.
As always, there is some discussion on what you need to do. Every business is different, and a lot will depend on the processes you use and the type of data you collect.
All this will take time to complete and the likelihood of legal action is still unknown. The biggest fines are, I suspect, reserved for those who are actively and purposefully misusing personal data. That said, businesses that ignore GDPR will find themselves under closer scrutiny from more savvy consumers looking for a transparent and trustworthy service.
European Commission Infographic for GDPR
This infographic gives a quick and easy-to-understand overview to get you started.
Information Commissioner’s Office guide to GDPR
It is worth reading through the information on the ICO website to be sure you understand the regulation in more detail.
Top 10 operational impacts of the GDPR: Part 4 – Cross-border data transfers
A useful article if you store personal data on services outside the EU.
GDPR For Online Entrepreneurs (UK, US, CN, AU) Facebook group
Joining this Facebook group gives you access to some useful discussion and training videos.