What is GDPR?
The General Data Protection Regulation (GDPR) is a series of principles designed to strengthen the protection of data for EU citizens and residents. Having been ratified in April 2016, it will be enforced by every EU state from the 25th of May 2018 onward and represents the single greatest advancement of EU data privacy in more than two decades.
While many of the legislative principles that make up the GDPR are similar to those found in the current Data Protection Act (DPA), there are a series of new measures and significant enhancements involved.
Introduced in order to protect individuals from potential future data breaches, the GDPR will allow individuals to wield far more control over the personal data companies retain about them and places significant emphasis on businesses' ability to demonstrate data control and security.
Who will be affected by GDPR?
These changes will impact any company that collects its clients' personal data, whether through a website, an app, email or any other means that results in personal data being retained in an internal database.
This means that many businesses will have to adjust their approach to data retention and transparency in order to ensure they don’t incur a non-compliance sanction of up to €20,000,000 or 4% of annual worldwide turnover.
Make sure you are GDPR compliant
Data transparency between companies and individuals is a cornerstone of the GDPR. Companies will be required to inform individuals:
- What personal data are being retained
- How their personal data are being used
- Who is using their data
- How long their data will be stored for, and
- Who to contact with regards to obtaining further information on the company’s data processing procedure
In conjunction with data transparency, data security is paramount to maintaining GDPR compliance. In order to ensure this, firms will be required to carry out an online review, answering the following questions:
- Does our target market include EU citizens? (Check currency listings, etc.)
- Does our website contain a comment section?
- Does our website facilitate newsletter subscription?
- Does our website gather and retain personal information or online identifiers such as IP addresses via analytics?
Following this, it will be beneficial to carry out a review of the personal data being collated and retained, under the following headings:
- Why are these data being collated?
- Why are these data being retained?
- How long will these data be retained?
- How secure are these data?
Over the course of these reviews, any potential weak points in a firm’s data protection protocol should become clear and allow the company to take the necessary steps to maximise data security and minimise their risk of GDPR non-compliance.
Suffice it to say, this is a highly simplified guide to GDPR compliance. If you have any questions or concerns about the potential impacts of GDPR on your firm please contact 2 cubed here and our web development experts will be happy to help.