May 25th, 2018 will see the EU General Data Protection Regulation (GDPR) come into effect. Businesses that handle and process customer data in any way, shape, or form will have to be compliant with these regulations or face hefty non-compliance fines. Even though the regulation only comes into effect in 2018, data already held is also covered, so most businesses are likely to have changes to make and work to undertake to maintain their compliance. To educate marketing professionals, managing directors, web executives, and others in the business world, this blog explains the GDPR in more detail and includes tips and methods on how to comply with it so your business avoids fines.
What is the GDPR?
In their own words: “The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.” For EU member states, the GDPR will replace all existing legislation regarding data processing and data protection. That means that from 25th May 2018, the GDPR will be the single governing legislation for these matters – any older legislation will become null and void. It affects many aspects of handling customer data, such as collection, retention, transfer, and removal/erasure. As such, it has a far-reaching impact on any business that holds any form of customer data.
What does the GDPR mean for my business?
In essence, the legislation states that customers must be given clear and transparent information about the collection, processing, and use of their data and details. The main stipulations that will affect most businesses are as follows. Larger businesses may already comply with some of these points (such as having a dedicated staff member appointed for data protection), but smaller and newer businesses will need to adapt.
- Consent for customer data to be used must be explicit and not passive.
- Customers must be able to withdraw their consent easily and freely.
- Breaches that compromise the privacy of customer data and details must be reported to those affected customers immediately.
- Breaches of data protection must be flagged and reported to local data protection authorities within 72 hours.
- Third parties who use and process customer data on behalf of a business must also be made aware of the GDPR and be compliant with the same.
- A dedicated data protection manager will need to form part of the team of staff for all businesses.
Why is the GDPR coming into effect?
The GDPR has been drafted and debated since 2012, was passed in 2016, and will come into effect in 2018. As the use of the internet, apps, and mobile and desktop devices has only grown over these years, it is of little surprise to see it coming into effect next year. If you think of how often credit/debit card details are used when shopping online, how many names, addresses, and phone numbers are entered for delivery details, and even how we can bank and pay our bills online, there is a vast amount of sensitive data held in cyberspace. The GDPR is coming into effect to act as comprehensive protective legislation for this data.
What will happen if my business is not compliant?
Your business will be hit with fines if it fails to comply with the GDPR by May 25th, 2018. These fines are decided on a scale and are imposed in relation to the turnover of a business. For example, a business may be fined 4% of its global turnover if it is found to be non-compliant. A further side-effect is that the reputation of a business could also be on the line. Businesses found to be non-compliant (and therefore perceived as not proactively protecting their customers’ data) can look bad to potential customers. Why would they choose to purchase from a business that has been fined for inadequate handling of private customer data?
How can I make my business compliant?
Time is on your side in the sense that, as of now (September 2017), there are almost eight full months to prepare your business. While every business is different and there is, therefore, no one-size-fits-all approach, there are some universal aspects you can start to work on to help towards total compliance:
- Implement your new opt-in and opt-out strategies now. Make it clear to those giving you their data why they are doing so, what it will be used for, and how they can easily opt out as and when they choose. A good way to do this on your website is to use microcopy on sign-up forms; lightboxes can also be used to convey extra, transparent information.
- Upskill or expand your workforce to include a data protection officer. This may not seem practical at first, but it is necessary. Businesses will ideally need a dedicated data protection officer to continually manage and safeguard all of the private customer data within your business. They will need to keep abreast of any new developments or threats relating to data and also be on hand to advise your customers if there is ever a breach of their data.
- If you use third-party software that holds customer data (newsletter software, for example), you will need to check how it fits in with the GDPR legislation. Contact the provider well in advance of the deadline to see if they are aware of the regulation and compliant with it. If not, explore how they can become compliant, because the GDPR will also affect any customer data you have already retained.
Because we work constantly within the digital marketing space, a digital agency such as Ireland Website Design can assess your current situation and implement strategies to make your business compliant with the GDPR. This can include recommendations and suggestions that we implement across your online presence to safeguard your business in anticipation of May 25th, 2018.
Anything else I need to know?
The GDPR is being compared to Brexit in some articles because it is an impending and unavoidable event that has to be dealt with as best as possible. In the UK, for example, the Information Commissioner’s Office has been known to impose fines of over £50,000 on SMEs that have fallen victim to a hack or data breach and had their retained customer data compromised. In broad terms, the retention and management of private customer data will remain under the spotlight, and understandably so. Businesses of all sizes are taking notice of the upcoming GDPR, but only smart businesses are taking steps to work towards compliance now. We at Ireland Website Design are one example, while even global giants such as IBM are literally counting down the days until May 25th, 2018.
If you need any assistance with making sure your business is GDPR compliant, the expert team at Ireland Website Design can help. Call us on 051393524 to get in touch with our digital marketing team members who can make sure that sales are driven to your business now and into the future, even beyond May 25th, 2018.