What is GDPR?
General Data Protection Regulation (GDRP) is a new regulation which covers all EU member states. The purpose of GDRP is to unify all data security laws, so they are consistent across the entire EU. Any company selling goods or services to residents of the EU is subject to the regualtion. Therefore, GDPR’s impact will be on a glabal scale.
Any company that fails to comply with GDPR could face substancial fines. The fine could be as much as €20 million, or 4% of your total worldwide annual turnover, whichever is higher.
What is GDPR?
You might be thinking, so what is GDPR? Below is a list of the key features pertaining to GDPR.
Companies must obtain consent to collect a users data. This must be clear, easily given and freely withdrawn at any point.
Timely Breach Notification
If a security breach occurs, there is a 72 hour window to notify all customers as well as any data controllers (if your company is large enough to require one). Failure to report a breach within this window will lead to FINES CONSEQUENCES.
Right to Access Data
A user can, at any time, request a copy of all data you’ve collected from them. This information should also include the ways in which you use said information.
Right to be forgotten
On request, the user has the right to have all of their personal data deleted.
This gives the user the right to own thier own data. The user must also be able to obtain their data in such a way that it can be imported into other environments outside of your company.
Privacy By Design
This section requires companies to secure all their systems from the start. Fines can be issued for companies that don’t impliment the proper security protocols when they are designed. Data must also be encrypted in transfer,from your website to the user (and vice versa), as well as in storage.
Data Protection Officers
Depending on the size and nature of your business, a data protection officer may be required.
Please seek professional, legal advise if you are unsure of how your business will be effected.