No doubt you’ve heard the term ‘GDPR’ by now, and however much you currently know about it, it is going to have an impact on your business and your customers’ businesses. In May next year, GDPR becomes enforceable. So, as the 12-month countdown begins, we thought we’d give you the key facts and figures in a short series of blogs.
So, what actually — and factually — is GDPR?
GDPR stands for ‘General Data Protection Regulation’. This new regulation is set to replace the 1995 European Directive (95/46/EC) and will become the primary law regulating how companies have to deal with the data of EU citizens. In April 2016, the European Parliament, the Council of the European Union and the European Commission made the decision to implement this new regulation, and as of today, GDPR will become enforceable in exactly 12 months’ time (just for the record, that’s the 25th May 2018).
The question is, what do you need to know about it?
Key Information about GDPR
- The primary objective of GDPR is to ensure that EU citizens are in control of their personal data — who has it, how it is stored, and how it can be accessed.
- GDPR came into force 12 months ago, and all businesses will need to be compliant by May 2018.
- The risk of severe penalties for non-compliance is huge and poses a major risk to businesses.
- Within GDPR there are two main entities that ensure business compliance: ‘controllers’ and ‘processors’.
- A “controller” is an organisation that engages with customers or employees to collect personal data and detail why and how this data should be processed.
- A “processor” processes personal data on behalf of a controller, in the way the controller has stipulated it should be processed.
- Businesses outside the EU are not excluded from GDPR. Any enterprise that in some way targets, offers goods or services to, or profiles any data subjects within the EU will also need to be GDPR compliant.
So, it’s important to know that if you’re handling data of EU citizens then this new regulation applies to you. In fact, any company across the globe handling personal data of EU citizens will need to be compliant, because this is about EU citizen data, regardless of where the business is based.
So how will GDPR affect you?
First, you will need to review the way you gain consent. It has to be much more open and free. You will need to make sure consent is freely given, specific, and informed.
GDPR will change the way you collect, store, and process personal data. Data protection needs to become a default and be included as standard in all project designs — rather than being added as an optional extra or an afterthought.
In general, all types of businesses in the channel need to be compliant. You need to be the expert and the advisor on the implications of GDPR for your customers’ businesses. You will need to be able to provide training and compliant solutions. However, there is a positive side to this. Establishing yourself as a trusted leader and knowledge holder on all things GDPR will add to your credibility, become an additional value benefit, and help you to create and maintain long-term, trusted business partnerships.
If you are processing any kind of personal data on behalf of your clients/customers then you too must ensure that you are GDPR compliant, or — worst case scenario — your client will not legally be allowed to appoint you as a supplier.
There are a number of positives to GDPR, and in fact, if you respond favourably, you could take advantage of this huge opportunity. However, GDPR is not something you should take lightly. If you do not approach it sensibly and with caution, there are a number of implications that could pose a considerable threat to your business, not least the huge potential fines and compensation claims that can be enforced for non-compliance.
We will expand more specifically on key threats and opportunities next week.
For now, you need to know:
- GDPR is here and in force today.
- In 12 months’ time GDPR will become enforceable.
- It will affect your business.
- You need to be prepared and compliant.
Check back next week to learn more on how to keep your customers compliant or subscribe to the blog to get daily updates sent to your email.