If your business markets into the EU, then new data regulations called the General Data Protection Regulation (GDPR) will impact you, so you need to be prepared.
The GDPR gives consumers more control over their data. Marketers will need to offer transparency to consumers over what data is being collected and why, and data breach reporting rules will need to be followed by organisations trading within the EU, notifying legislators of any breach within 72 hours.
In essence, consumers now have much more power over their personal data. They will be able to demand companies reveal or delete the personal data they hold. Consent now needs to be explicit and informed, and renewed if the use of that data changes.
Companies also need to be vigilant over storage and security of personal data, including an individual’s personal information down to the IP address or cookie data of the user.
What types of privacy data does the GDPR protect?
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
The provisions are consistent and apply across all 28 EU member states and is applicable to any company with over 250 employees which stores or processes personal information about EU citizens – even if the company themselves has no EU presence. Companies which hold sensitive information and have fewer than 250 employees are also bound by the legislation.
Many large companies have already implemented changes ahead of the May 25, 2018 commencement date. Facebook launched a range of tools to put users in more control over their privacy by building an access your information tool – this enables users to find download and delete specific data on the site. New terms of service were released which every user in the EU had to agree to. If you wondered why you’ve been getting a bunch of emails from your current suppliers regarding a change to their terms of service – it’s due to the GDPR launch.
If your business markets into any of the 28 EU states, be prepared to comply with the new laws by 25 May 2018. You can find out more information on the legislation here : https://gdpr-info.eu/