If you’ve been keeping up to date with the latest news and Twitter feeds over the last year, you’re very likely to have heard of GDPR. There’s a good chance you’ve been ignoring the new legislation until now, but as the deadline finally creeps up on us, now really is the time to start paying attention!
There’s just over a month remaining before GDPR comes into force and while that doesn’t seem like a long time, there’s still plenty of time for your business to begin implementing a strategy that aligns with the GDPR requirements.
What Is GDPR?
The General Data Protection Regulation (GDPR) is a regulation that requires businesses to protect the personal data and privacy of EU citizens and the transactions they make. It aims to give citizens more control over their data, allowing people more say in how businesses and organisations use their data.
Similar to the Data Protection Directive, GDPR is principle-based and requires personal data to be used fairly, lawfully and for defined purposes only, ultimately improving trust and providing transparency between organisations and their clients or customers.
GDPR applies to any organisation that operates within the EU, as well as any businesses or organisations outside of the EU that offer goods and services to customers inside the EU. Because GDPR is so wide-ranging, every business needs to be ready and have a compliance strategy in place.
Those who fail to comply will face strict penalties under the new guidelines, including a fine of up to 4% of annual global turnover or €20 million, whichever is greater.
What Personal Data Is Under GDPR?
There’s a large range of data that is considered to be personal information under GDPR. This includes photos, bank details, social media names, social media posts, medical information and IP addresses.
The legislation also means that pre-ticked boxes, or requiring users to actively opt out of email communications, no longer comply. Instead, a double opt-in process is essential, with users having to confirm their communications with another email.
You can’t wait any longer to plan your compliance strategy. Not only could your business be at risk of financial repercussions, but it’s also highly likely you’ll face reputational risks if you fail to comply.
GDPR comes into effect from May 25th, 2018.
For more information on GDPR visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/