Disclaimer: This post is not legal advice. We’re not lawyers.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU) and also regulates the exportation of personal data outside the EU. This new set of rules is designed to give EU citizens more control over their personal data. But this law affects any organization doing business with or collecting information from an EU citizen.
What do you mean by “personal data”?
Does it affect my company or organization?
If you hold any EU citizen data via your website, app, or service you MUST act now (in fact you’re super late to the party). All organizations are expected to be compliant with GDPR as of May 25, 2018.
If you have international reach with your website, social, email – really any online media, you should probably still pay attention to GDPR and take some action.
What happens if I don’t comply?
There is a fine for not being compliant. The maximum fine for noncompliance with the GDPR is up to 4% of the annual global revenue generated by the company.
So, what do I need to do?
- Get permission for data collection.
- Protect the data that is collected.
Making sure your company has the proper security measures in place should be first on your task list. Contact your IT administrator, find out what you need to have in place to be compliant, and then create a protection plan.
- Inform all persons of a data breach.
Your company must inform victims individually of any breach within 72 hours.
- Respond to data collection requests.
Any customer can request what type of data is being collected and stored about them (Right to Portability), as well as the right to request that it be deleted (Right to Erasure).
Here’s what a lot of other companies and organizations have been doing:
- Adding notices about personal data collection on all form pages.
- Adding an opt-in on websites addressing acknowledgement of data collection.
If you are concerned that you may not be GDPR compliant, please contact your lawyer to help guide you.