If you have spent any amount of time online recently, then it’s likely you have heard of the General Data Protection Regulation. GDPR is a piece of legislation governing data privacy in the European Union that came into effect on May 25, 2018. Chatter online leading up to the date of enforcement tended to prey on the public’s fear of change and the unknown. While this legislation could have a far-reaching impact on some of the world’s biggest technology companies, including Facebook and Google, rest assured there is nothing to worry about.
Here’s a brief guide to understanding the GDPR.
What is GDPR?
GDPR is a piece of legislation that was approved in April 2016. European authorities gave companies two years to comply, and it came into force at the end of May 2018. GDPR is quite simply an updated version of a law that has been in place since the nineties, the Data Protection Directive. The Data Protection Directive became outdated with the recent boom in AdTech (Advertising Technology).
AdTech is the sale of your personal information and habits to people and companies who want to bombard you online with ads based on your previous searches. Have you ever visited a website, only to have ads from that site appear on every site you visit for the next month? This type of marketing is invasive and irritating, and GDPR legislation now aims to regulate it.
The goal of GDPR is to give consumers control of the personal data that companies collect about them. Under GDPR, companies cannot sell the personal data of EU citizens without express consent. Not only will it affect organizations located within the EU, but it will also apply to companies outside of the region if they offer goods or services to, or monitor the behavior of, people in the EU. Alongside a hefty €20 million penalty for non-compliance, the GDPR also makes websites, data storage companies, and everyone else involved in storing the personal data of EU citizens jointly responsible for it.
What does GDPR mean for consumers/citizens?
Under the terms of GDPR, not only will organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation and to respect the rights of data owners – or face penalties for not doing so. One of the major changes GDPR brings is giving consumers the right to know within 72 hours if their data has been hacked. No longer will consumers find out 3 months after the fact that hackers have all their personal information (remember Equifax?).
Will the GDPR Apply to My Business?
It’s important to bear in mind that the GDPR will apply to any business established in the EU and may apply to companies based outside of the EU that process the personal data of EU citizens in certain circumstances.
If you are collecting any personal data routinely, you’ll need to comply with the GDPR, whether the data is on a spreadsheet, on your computer network, on your mobile phone, or in the cloud. This includes your customer data, supplier data, past and present employee data, etc. Bottom line: unless you are selling your customers’ private information for profit, you will not be negatively affected, and the GDPR is a win for small businesses and consumers worldwide.