Note: This was featured as part of our Web Wednesday segment on Charleston’s 105.5 The Bridge. You can catch us every Wednesday morning at 8:20 am ET for your dose of social media & digital marketing news.
The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018. Many businesses aren’t aware of the regulation’s requirements, but they should be in order to avoid penalties and fines. If your business serves or operates with customers in the European Union (EU), here’s what you need to know to prepare for the coming changes.
What is the General Data Protection Regulation?
The GDPR is a regulation designed to protect citizens from privacy breaches by unifying data privacy requirements across the European Union.
Any business that markets to, or processes information about, end users, customers, and employees needs to know the requirements the upcoming regulation sets out.
Businesses and organizations under the GDPR can be fined up to 4% of annual global turnover, or 20 million euros ($24 million). Authorities within the EU have the right to monitor and enforce these fines.
What are the key changes of the GDPR?
A few of these changes include:
Requests for consent must be easily accessible, clear, and distinguishable from other material. This means that companies must use clear and plain language rather than legal terms that can confuse clients and employees. The purpose of the consent change is to make withdrawing consent as easy as giving it.
If a data breach results in a “risk for the rights and freedoms of individuals,” a notification must be issued within 72 hours of becoming aware of the breach. These notifications will be mandatory in all member states where a breach is likely to result in such a risk.
The GDPR introduces the right for a data subject to receive any personal data that concerns them if it has been previously provided. They also have the right to transmit the data to another controller if it’s in a ‘commonly used and machine readable format.’
Right to Be Forgotten
Also known as Data Erasure, this right lets the data subject have the data controller erase his/her personal data and end any further dissemination of the data. The right to be forgotten also has the potential to make third parties halt the processing of the data.
These are just a few of the changes being made by the GDPR. Creating more compliant information technology platforms and making someone responsible for data protection are a few measures you can take to ensure full compliance with the new law.
If you want to learn more about the GDPR, give us a call at (888) 632-4499 for a free, no-obligation consultation today. We’d love to help you out!