It’s time to face the facts. New EU data protection legislation – the General Data Protection Regulation (GDPR) – is coming into force in May 2018.
Complying with the GDPR will require a lot of work and far-reaching changes for some companies. For others already using industry best practice, the process will be relatively smooth.
Either way, planning to meet the requirements must start now. Here’s what you need to know about the new laws.
What will the GDPR do?
The GDPR will standardise data protection laws across the EU, enforcing current industry best practice in how companies record, use and protect personal data. It will replace the Data Protection Act in the UK.
Instead of vaguely alluding to the fact that mysterious ‘third parties’ might use someone’s personal data, companies will now have to explain exactly where the data will go and how it will be used – and offer an easy opt-out for those who don’t want their data shared.
Companies will also have to report any breach of data security within 72 hours. So no more behaving like Yahoo, who only last year revealed that they had been hit by the biggest data breaches in history in 2013-14.
It’s all about making the way in which data is processed far more transparent.
But the UK is leaving the EU…
Since the Brexit referendum last year, 25% of UK companies surveyed have stopped preparing for the GDPR in the mistaken belief that it won’t apply to them anymore.
But Brexit won’t happen until 2019, the year after the GDPR comes into force. Besides, any company that holds any information on EU citizens – whether it’s based in Australia, India or the post-Brexit UK – will have to comply with the GDPR.
What’s more, the UK government is preparing a new Data Protection Bill which will see the key principles of the GDPR enshrined in UK law even after Brexit.
So those companies burying their heads in the sand need to pull them out quickly.
Why should I care?
For noncompliance, businesses will be fined up to €20 million or 4% of global turnover, whichever is the greater — easily enough to bankrupt a small business.
So what’s the good news?
The new laws will be of huge benefit to consumers and private individuals, who will be able to rest easy that their data isn’t being harvested or sold without their consent. Consumer rights will be strengthened — for example, people will have the right to request any data that a company is holding on them free of charge.
At Reevoo, we welcome this, as we’ve always put transparency at the core of what we do. We believe that a transparent relationship between brands and customers is better for everyone. The more rigorous the data protection laws, the more customers will trust companies to handle their data.
We’ve been at the cutting edge of data security for years now. We’ve worked hard to be awarded (and keep) the most rigorous data security certificates in the industry — including ISO 27001, the international best practice standard for information security.
For us, preparing for the GDPR is a case of updating our existing framework, as opposed to starting from scratch.
Like the Spanish Inquisition, no-one expected the GDPR. But here at Reevoo we’re ready for it – because we’ve always taken data security very seriously.
What should I do next?
If you’re already one of our clients you’ll know that your customers’ data is safe with us. But you’ll need to ensure that your customers have given their consent for us to use it.
For help ensuring your contracts comply with the GDPR, and for other advice on compliance, grab your checklist here.
If you’re not a Reevoo client, it’s worth bearing in mind how we can help relieve your burden of preparing for the GDPR. For more information, get in touch with us.