Just about every piece of information about you is transmitted digitally. As we all know, government can take some time to catch up to what is happening in the world of technology. A good example of this is the General Data Protection Regulation (GDPR), a new set of data-protection rules that came into effect for all European Union countries on May 25, 2018. The purpose of this new regulation is to “empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.” While the regulation was crafted by the European Union, it applies to all companies “processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.” In other words, if you offer goods or services to anyone in the EU, or monitor the behaviour of anyone in the EU, be prepared!
There are seven major pieces to GDPR. We’ve detailed them below.
Consent – When obtaining a person’s consent for data use, the request must be written in clear, plain language, consent must be freely given and specific to the stated purpose, and it must be as easy to withdraw as it was to give.
Breach Notifications – If a data breach occurs, companies have only 72 hours from becoming aware of it to notify the supervisory authority. Where the breach is likely to put individuals at high risk, the affected individuals must also be told without undue delay.
Right to Access – Individuals have the right to obtain confirmation of whether their personal data is being processed, where it is processed and for what purpose. Companies must also provide a free copy of that personal data if requested.
Right to Be Forgotten – When personal data is no longer needed for its original purpose, or the individual withdraws consent or objects to the processing, the individual can have the company erase their personal data.
Data Portability – Allows anyone to receive their personal data in a structured, commonly used, machine-readable format and to transfer it to another provider or IT environment for their own purposes.
Privacy by Design – Calls for the inclusion of data protection from the onset of designing systems, and for processing only the personal data that is necessary for each purpose.
Protection Officers – A professionally qualified Data Protection Officer must be appointed by public authorities and by organizations whose core activities involve large-scale, regular and systematic monitoring of individuals, or large-scale processing of sensitive categories of personal data. The obligation is based on the nature and scale of the processing, not on headcount.
All of these requirements are meant to better protect the clients we’re all working for. Personal data is invaluable, and loss or corruption of said data can cause major turmoil in the client’s life. This regulation provides peace of mind for all of us, and the consequences for not complying can be staggering. The most serious violations can be fined up to €20,000,000 or 4% of the company’s worldwide annual turnover, whichever is higher.
Every day, there is a story about identity theft or data corruption that could’ve been prevented by a company keeping a closer eye on their customers’ data. The GDPR is working to fix that. Breaches like the Equifax hack from 2017 can now draw regulatory investigations and major administrative fines against the companies responsible. If your company does business with any clients in any European Union country, we recommend using the GDPR’s FAQ page to see what you need to do to make sure you are prepared. Remember, it’s in the best interest of every individual who has personal data stored electronically. In other words, GDPR is meant to help protect all of us!