After seven years in the making, the new regulation named 'GDPR' is finally with us, and it's making sweeping changes in everything from technology to advertising, and medicine to banking.
Whether through emailing lists, lead generation, or website opt-ins, every company, big and small, acquires and processes personal data. Starting from 25th May 2018, every business in the EU, or every business processing personal data from EU citizens, will be subject to the new GDPR.
What is GDPR?
GDPR stands for 'General Data Protection Regulation' and is a new law which will replace the 1995 Data Protection Directive, which has up until now set the minimum standards for the processing of data in the European Union. GDPR will significantly strengthen many rights of individuals.
Under GDPR, private individuals will have more power to demand that companies either reveal or delete the personal data they hold. Regulators will be able to work in unison across the EU for the first time, as opposed to having to launch separate actions in each jurisdiction, and their enforcement actions will have a real effect, with the maximum fine now reaching the higher of €20m (approx. £17.5m) or 4% of the company’s global turnover.
Why the GDPR Exists
In informal studies on consumer privacy, over 90% of global consumers wanted more control over the personal information companies collect from them. 56% say the “right to be forgotten” (that is, the ability to request that a service provider obliterate your data forever) is among the most important of consumer rights regarding the use of their personal information.
What exactly is personal data?
At the heart of GDPR is consumers' personal data. Consumers' personal data can include a wide range of information, such as cookie data, geographical information, racial or ethnic information, political opinions, shopping preferences and much more, which can be used in all kinds of ways and for different purposes. Analysing and processing this data is a fundamental component of most businesses, but in today’s increasingly intertwined world, there comes with it a greater need to protect that data. Privacy limits are continually being tested. The new GDPR rules are important because they apply accountability.
What does GDPR mean for me?
With GDPR, you now have the power to hold companies accountable like never before. If individuals begin to take advantage of GDPR in large numbers, by withholding consent for specific uses of data, asking for access to their personal information from data agents, or deleting their information from websites altogether, it could have a profound effect on the data industry as a whole.
What the GDPR Means for my Business
GDPR establishes one law across the continent and a single set of rules which apply to companies doing business within EU member states. This means that the reach of the legislation extends further than the borders of Europe itself, as international organisations based outside the region but with activity on 'European soil' will still need to comply.
Individuals whose privacy has been infringed upon can now under GDPR easily bring private claims against data controllers as a result of any data infringement and sue for compensation.
The penalties for non-compliance with the GDPR are severe. Maximum fines per offence have been pegged at 4% of a business’s global turnover (or $20 million, whichever is the greater). These hefty fines indicate the severity of data protection rights, and while penalties may not be quite enough to sink huge internet giants such as Facebook or Google, it would certainly be enough to capsize smaller companies.
Does GDPR apply worldwide?
GDPR applies only to the EU, but given the scale of the market, many companies are deciding it's easier to apply its terms globally. For example, Apple’s privacy tools are worldwide, as are Facebook’s (although the latter won’t promise to apply every aspect of GDPR globally, noting that the rules may clash with privacy regulations in other jurisdictions).
Who Will Benefit from GDPR
The GDPR is a game-changer - shaking up the market, and the way businesses operate. Companies that will benefit most are those that already take a customer-based approach that drives personalisation and focuses on organically collecting first-party data rather than treating users as names or targets on a list.
What happens after Brexit?
GDPR will shortly be part of UK law, thanks to the data protection bill that has been working its way through parliament since September 2017, and the government has committed to maintaining it following Brexit. In theory, a future government could change the law again – but even then, any British company wishing to do business with Europeans would have to follow the regulation.
The GDPR can be a blessing in disguise if you allow it.
Here are a few ways that GDPR can benefit your company:
GDPR will boost data protection and security
Being GDPR compliant will improve your business reputation
Working based upon permission creates more user loyalty
More accurate data from willing users
Forcing organisations to make a more significant effort to better online customer experiences
If you need any advice or guidance in making sure that your website is GDPR compliant, then please contact us.