We’re sure you’ve been receiving privacy notices left and right about GDPR, but what is GDPR really? In 1995, the European Union (EU) adopted the Data Protection Directive – a mandate that regulated the way personal data was processed. Recently, the Data Protection Directive was replaced by the General Data Protection Regulation (GDPR). GDPR revamps the way organizations across the EU approach data privacy, imposing stricter restrictions and steeper fines.
GDPR is the standard that protects personal data, requiring more transparency, rights, and enforcement than ever. Here are the ways GDPR is changing personal data regulations:
- Clearer Language: Rather than explaining privacy policies with lengthy, complicated conditions, businesses are now required to have clear, straightforward privacy policies.
- Consent From Users: Before, businesses operated on “implied consent” – if a user didn’t respond, they were considered to have given their consent. Now, users have to give affirmative consent before their data can be used by a business.
- Increased Transparency: Now, businesses have to clearly inform users about:
(a) Any transfers of their data outside of the EU
(b) Whether an algorithm is used to make decisions about the customer
(c) The purpose behind data collection and usage
- Stronger Rights For Users: Users will now have more agency over their data, as they will be able to:
(a) Move their data from one social media platform to another
(b) Access/have a copy of their data from a business
(c) Have their data deleted
(d) Know when they are the victim of a data breach
- Stronger Enforcement For Businesses: GDPR enables 28 data protection authorities to enforce the new laws – including charging fines of up to €20 million or 4% of a company’s worldwide turnover.
Why Is This Important?
Although these laws are confined to the EU, any business conducted with an individual in the EU has to follow GDPR guidelines. Because of the global nature of business conducted over the internet, many companies don’t realize that, if they have a consumer or potential consumer in the EU, they are bound by the GDPR guidelines.
How Do I Follow These Guidelines?
To ensure compliance with the GDPR, follow these 5 steps:
- Obtain Consent From Users: For an email campaign, for example, this may mean sending an opt-in consent form to all users included in your email marketing list.
- Be Transparent With Your Customers: When you send your customers a survey, make sure to tell them what you’re going to do with the results.
- Know Your Customers’ Rights: If you have a data breach, let your customers know about the breach within 72 hours in compliance with the GDPR.
- Understand Your Limits: Because these regulations are new, it is still uncertain how strictly the GDPR will be enforced. There is, however, an increase in the number of data protection authorities. Businesses need to understand that there is a high penalty for noncompliance.