The GDPR (General Data Protection Regulation) seems to have been talked about for years, and still, with 4 days until the regulation takes effect, many business and website owners do not know the implications it will have for them. The legislation gives customers control over their personal data as it is collected by companies. The legislation was approved by the European Parliament in April 2016 and comes into effect on Friday 25th May 2018. It is one of the largest changes ever to affect online businesses, because it shapes how data relating to any individual connected with the EU is handled by an online enterprise.
What does it mean to me?
If you’re a website or business owner, you need to obtain your customers’ consent to collect and use their data, in a clear and accessible way. They will be able to ask for information on how and why their data is being processed. They will also be able to request copies of their data in a machine-readable format so they can take it elsewhere.
If a company holding someone’s personal data realises it has been breached, it must, in certain circumstances, inform the affected people within 72 hours. According to Kris Lahiri (chief security officer of the enterprise file storage company Egnyte), “many businesses are being forced to modernise their infrastructure to create more manageable processes and protocols because they are still using legacy infrastructure such as handwritten records or tape storage, which makes compliance extremely difficult under those circumstances.”
The fines for not complying with the legislation are huge: you can be fined up to 4% of the gross revenue of your online business, up to £20,000. In simple terms, these changes can significantly affect businesses’ profits and the attention they pay to their customers’ data.
How to comply
We’ve pieced together some of the smaller changes that you and other companies need to make to ensure that you are obtaining the correct information through the correct methods.
Re-subscriptions
You may have noticed that you’re receiving high volumes of emails from companies asking whether they may keep your details on file and keep you on their subscription list. This affects not only email subscribers but also app users, as apps are being forced to obtain explicit permission from people before using their data.
Training
Every employee has to be made acutely aware of the importance of data, including an education process on what GDPR is, to prevent information being misused. The legislation highlights the significance and importance of each individual’s personal data.
Policies
A website must adhere to strict rules on how it obtains information and must make its privacy policy easily accessible online. The policy must cover in depth the processes that follow if data has been exposed and how the affected individuals will be informed of the circumstances.
Audit 3rd parties
You may have all your own policies in order, but if your website features 3rd-party applications or scripts, then you must also review the data protection procedures implemented by the 3rd parties and partners of your online business.
Terminology
Let’s explain some GDPR terminology that will definitely come up in tech talks.
DPO (Data protection officer)
Data protection officers are the people who assist you with everything the General Data Protection Regulation requires in order to keep customers’ data safe, so they take on a big responsibility for your company. You can hire a DPO or appoint one from among your employees. That employee must be an expert in data protection, and it is valuable for him or her to have management skills as well. A DPO advises you and your company on the “data protection impact assessment”.
DPIA (Data protection impact assessment)
A DPIA is a process that helps your business recognise, and then reduce, the data protection risks of projects developed by your online business.
Data subject
Any individual whose personal data can be recognized.
Personal data
Name, physical attributes, location, online identifiers, economic, cultural and social information, health information.
Processor
The one who processes the data for your business.
Processing
Working with your data in order to carry out compound operations on it.
Controller
As GDPR Art. 4(7) reads: “Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.”
Consent
The core canon of data protection: the permission from your consumer to receive emails and marketing material from your enterprise.