If you’re online, then you’ve no doubt been hearing about GDPR. But what even is it? Why is it a concern? And what do you need to do to make sure you’re compliant? We’ve got the answers to all your GDPR questions.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new set of laws and regulations designed to better protect the privacy and sensitive data of EU residents. Since coming into effect earlier this year, GDPR has shaken up the way companies interact with consumers and their data in a variety of ways:
- A company’s terms and services for having consumers consent to an online service now have to be clear, concise, and easily understandable. Consent must also be as easy to withdraw as it is to give.
- Data subjects now have the right to obtain information on whether and how their data is being processed, and to have the controller of their data fully erase and cease the use of any of their data the company has on file. The data subject also has the right to receive a copy of the data they provided.
- Customers and data controllers must be notified of data breaches within 72 hours of the breach being found.
Companies that fail to comply with GDPR regulations can be fined up to 4% of their annual turnover or €20 Million (whichever is more).
Will My Company Be Affected?
If you’re located in the EU, the answer to this one is pretty simple – YES. But if you think you’re excused from these new regulations by not being a European company, you’re probably mistaken.
The jurisdiction of GDPR extends not only to European companies, but to any company that holds or processes personal data of EU residents. This means that if it offers goods and services to, or otherwise monitors data of, EU individuals, a non-EU company is subject to the same rules as a company based in the EU.
How Do I Stay Compliant?
With the steep penalties for non-compliance, your concern is probably (or at least should be!) making sure your company is up to the necessary standards. The first thing you should be looking at is your privacy policy. The changes to consent conditions have largely changed what counts as an acceptable privacy policy, and frankly, most pre-GDPR policies don’t meet the new requirements.
Another important step is auditing your databases. Make sure all of your data is complete, consistent, and, most importantly, was given with perfectly clear consent from the data subject.
Any holes in your data put you at big risk of breaking compliance, so a little bit of spring cleaning is well worth your time.
One more thing to consider is the importance of communication. Silently making adjustments in the background may not be enough, especially if there are new terms and policies that customers need to agree to. Make sure you’re being clear with your customers about their privacy rights and informing them of any changes to policies or terms.
If all this still sounds confusing, there’s no need to worry! At Socialfix Media, our team has the resources and the know-how to ensure your company’s website and operations are 100% GDPR compliant. So what are you waiting for? Reach out to us today and let us help you; we can’t wait to get started!