The way we communicate and handle everyday tasks has changed a lot since the internet. We now send emails, share documents, pay bills and purchase goods by entering our personal details online. Have you ever wondered how much personal data you have shared online or what even happens to this information?
You have probably put your bank details, contacts, addresses and even your IP address online and sites that you have visited recently. Companies will tell you that they collect this type of information so that they can serve you better and then offer you more targeted adverts, but what is this data really used for?
That is has now been answered by the EU and is why the new European privacy regulation called GDPR has been enforced, this has permanently changed the way you collect, store and use customer data.
What is GDPR?
GDPR will come into effect on May the 25th and it will be implemented in all local privacy laws across the entire EU and EEA region. It applies to all companies selling to and storing personal information about citizens of Europe, this also includes companies on other continents. It will provide citizens of the EU and EEA with greater control over their personal data and assurances that their information is because securely protected.
Personal data is any information related to a person, like, name, photos, email address, bank details, updates on social media, location and medical information according to the GDPR directive.
Under GDPR individuals have...
The Right to Access - They will have the right to request access to their personal data and to ask how their data is being used. The company must provide a copy of the personal data.
The Right to be Forgotten – If they are no longer customers and withdraw their consent then they have the right to have their data deleted.
The Right to Data Portability – Everyone has a right to transfer their data from one service provider to another. It must happen in a used and machine-readable format.
The Right to be Informed – This covers any gathering of data by companies and individual will have to be informed when their data is gathered. They have to opt in for their data to be gathered and consent must be given freely.
The Right to have Information Corrected – this will ensure that individuals can have their data updated if needed.
The Right to Restrict Processing – Individuals are able to request that their data is not to be used for processing, their record can remain in place but not used.
The Right to Object – This will include the right of individuals to stop processing their data for direct marketing. There are no exemptions and any processing must be stopped as soon as the request is received.
The Right to be Notified – if there has been a data breach that compromises an individual’s personal data, they have to be informed within 72 hours.
The Business Impact
The new data protection regulation puts the customers into the driver’s seat and now the task of complying with the regulation falls upon business. All businesses anywhere in the world will have to subject to GDPR, no matter what you do. All organisations and companies that work with personal data should appoint a data protection officer who is in charge of GDPR compliance.
The conditions of obtaining consent are now stricter under GDPR, as individuals must have the right to withdraw consent any time. Companies will have to review business processes, applications and forms to be compliant with double opt-in rules and emails. Now, in order to sign up for communications, prospects will have to fill out a form or a tick box which will then confirm the further actions in another email.