The General Data Protection Regulation will come into force next May, and with it comes a whole host of new rules and new information to get to grips with. Released by the EU earlier this year, it will impact trading across the EU, and it represents a shake-up in the way that companies handle their customers’ personal data that some say is well overdue.
What is it? At its core, the GDPR aims to help businesses better protect their customer data and to create a market with strong data security and stringent privacy rules. Every country in the EU currently operates under the EU’s old 1995 data protection directive; the GDPR will replace it, and it promises a more harmonised system under which customers and clients will enjoy greater rights. Though Brexit means that the regulation technically won’t apply once the UK leaves the Union, British companies won’t be able to trade abroad or handle European customer data if they don’t follow the legislation’s requirements.
What does it mean? The GDPR will change the way in which businesses handle their customer data, depending on whether your company is a data ‘controller’ or a data ‘processor’, which affects what you can do with your data and how you can collect it.
Thanks to the GDPR, customers will also have greater control over their personal information; indeed, companies have to obtain explicit ‘consent’ from those customers if they want to use and retain their data, especially if they want to analyse it or use it for marketing purposes. Under the GDPR, customers have the right to ‘data portability’. At its most basic, this means that a customer can request to see their data, or request that it be extracted and sent to them in a readable format. Added to this, the ‘right to be forgotten’ means that customers can also ask for their data to be deleted entirely, something that companies have to comply with.
Once May rolls around next year, businesses will also be held accountable for the data that they collect. To minimise the risk of a data leak, businesses now need to know where they store their data and who has access to it. The GDPR also forbids them from collecting any more data from customers than is strictly necessary for the processes that they have previously identified.
The principle of accountability, a key theme in the GDPR legislation, also has ramifications when it comes to data security: many businesses will be required by law to appoint a Data Protection Officer to oversee their data, while any breaches in security will need to be reported immediately and fixed, or companies will face a fine that could total up to 2% of the company’s total annual turnover.
The GDPR is a vast and complicated piece of legal documentation, which will have wide-ranging effects across the entire business landscape. This article has only touched on some of the key points: for more information, check out Capita IT’s webinar which will fill you in on everything you need to be prepared for the future.