We enter our personal information online all the time - and we often don’t give it a second thought. Every time we send an email, pay a bill or buy anything, we do so by entering our personal details. But have you ever stopped to wonder how much personal data you have shared online? Or what happens to that information?
Think about your banking information, your email contacts, your past and present addresses, all your social media posts, and even your IP address - and the sites you have visited that have stored this information digitally.
Companies often tell you that they collect this type of information so that they can serve you better, like offering you more targeted and relevant communications, all to provide you with a better customer experience.
But is that what they really use the data for?
This is the question that has been asked and answered by the EU, and why in May 2018 a new European privacy regulation called GDPR will be enforced and permanently change the way you collect, store and use customer data.
In a recent study of more than 800 IT and business professionals that are responsible for data privacy, Dell and Dimension Research found that over 80% of businesses know few details or nothing about GDPR. So are you prepared?
On May 25, 2018, a new European privacy regulation called The General Data Protection Regulation (GDPR) will come into effect.
This regulation will be implemented in all local privacy laws across the entire EU and EEA region.
The GDPR applies to all businesses and organizations established in the EU, regardless of whether the data processing takes place in the EU or not. Even non-EU established organizations will be subject to GDPR.
It will apply to all companies selling to and storing personal information about citizens in Europe, including companies on other continents. It provides citizens of the EU and EEA with greater control over their personal data and assurances that their information is being securely protected across Europe. If your business offers goods and/or services to citizens in the EU, then it’s subject to GDPR.
According to the GDPR directive, personal data is any information related to a person such as:
- a name
- a photo
- an email address
- bank details
- updates on social networking websites
- location details
- medical information
- computer IP address.
There is no distinction between personal data about individuals in their private, public or work roles – the person is the person.
Also, in a business-to-business setting, everything is about individuals interacting and sharing information with and about each other. Customers in B2B markets are obviously companies, but the relationships that handle the business topics are people – or individuals.
So how could this affect you?
This new data protection regulation essentially puts the consumer in the driver’s seat, and the task of complying with this regulation falls upon businesses and organizations.
All organizations and companies that work with personal data should appoint a data protection officer or data controller who is in charge of GDPR compliance.
There are tough penalties for those companies and organizations who don’t comply with GDPR: fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater.
Say you’re a website designer. Similar to how designers created the cookies alert that is now present on every website, so too will clients be looking to you to ensure their GDPR compliance notification is visible.
This brings with it the risk that failure to comply could be considered to rest on your shoulders. If you manage multiple client websites, can you be sure that they are all compliant? One step that web designers can take to ensure they are protected is to take out IT contractors insurance. This will ensure that if the advice they dish out causes problems for a client, they won’t be held personally responsible.
Many people might think that the GDPR is just an IT issue, but it’s so much more than that. It could potentially have broad-sweeping implications for the whole company, including the way companies handle marketing and sales activities.
My advice? Look into this sooner rather than later. Dedicate time to understand what you need to do in order to become compliant, and create a plan of action for your journey to GDPR so that when May 2018 comes along, you’ll be able to answer all of your customers’ questions regarding compliance.