General Data Protection Regulation

What is GDPR? : The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies.

What this means for you : As a business you need to prove that a contact has explicitly agreed to you collecting, storing, using or sharing their data. Contrary to some reports, this applies in a B2B context and to all contacts, regardless of whether they are existing customers or you have a prior relationship with them. You should think about…

Give it to me in Plain English: You’ll need to check how you store user data on your website and make sure it can be accessed and deleted by the users!

So, you need to strengthen the consent requirements on your website. If you collect or manage any EU citizen’s data, you must:

• Request the explicit consent of every user before any data collection takes place. Requests must be in clear, plain, easily understandable language free of legalese. It also must stand alone from other matters or requests and not be buried in other text.
• Have a clear and accessible privacy policy that informs users how collected data will be stored and used.
• Have a means for users to request access and view the data you have collected on them.
• Provide users with a way to withdraw consent and purge personal data collected on them; i.e. the “Right to Be Forgotten”.

Under GDPR organizations in breach of GDPR can be fined up to 4% of annual turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.

Information Sources: eugdpr.org | itgovernance.co.uk | talisman.co.uk | ninjaforms.com