Starting May 25th, 2018, companies that collect online data about people in the European Union (EU) are subject to a stringent new set of rules. If your business will be affected by these changes, here is what you need to know.
What is the GDPR?
The General Data Protection Regulation (GDPR) aims to strengthen protection and give EU residents more control over their personal data. It also sets out what businesses must do when a data breach occurs, and what they must do before one ever happens.
The GDPR replaces the earlier Data Protection Directive (95/46/EC). An update was needed as online consumers became increasingly concerned about losing identity and security information in a data breach. Apprehension grew to the point where some consumers began intentionally filling out electronic forms with fake identities simply to protect themselves.
The GDPR covers personal data in the broad sense: basic information such as name and mailing address, online identifiers such as IP addresses and RFID tags, and the "special categories" of data, including health and genetic data, biometric data, ethnic origin, political opinions and sexual orientation. It applies to businesses established in the EU, and also to businesses outside the EU that offer goods or services to people in the EU or monitor their behaviour, regardless of where the data is stored or processed. All of them are expected to be able to demonstrate compliance by the stated deadline. In practice this affects businesses of every size.
How to Prepare for the GDPR
Big data corporations are busy priming themselves for compliance. Facebook recently debuted new privacy tools to conform to this harsher data climate. So how can smaller businesses prepare for what’s to come?
- Communicate – Ensure that the key players in your organization understand that the law is changing and that compliance is a top priority, not an IT-only concern.
- Document and review – The GDPR requires you to maintain records of your data processing activities: what personal data you hold, where it came from, why you process it, who you share it with and how long you keep it. You may need to organize a company-wide information audit to build those records. It is also a good idea to review your privacy notice to ensure it is clear, concise and consistent with what you actually do. Be sure that your procedures can honour the rights the GDPR gives individuals, such as access, rectification, erasure and data portability, within the one-month response period.
- Adopt/update your Data Protection Plan – The GDPR makes "data protection by design and by default" an explicit legal requirement, so now is the time to refresh your approach. Working with an experienced cyber-security firm can help: an assessment by someone who understands both the technical controls and the privacy legislation will show you which procedures are already compliant and which need to be altered.
- Run a test – You are now required to report a personal data breach to your supervisory authority within 72 hours of becoming aware of it (unless the breach is unlikely to pose a risk to the people affected), and to notify the affected individuals without undue delay when the risk to them is high. Failure to report adequately and on time can result in fines of up to €10 million or 2% of worldwide annual turnover, whichever is higher. It is imperative that your team rehearses its readiness to detect, assess, contain and report a breach inside that window before a real one happens.
- Implement ongoing assessment – The work doesn't stop after May 25th. To remain in compliance, set up a plan for ongoing assessment: periodic audits of your processing records, regular staff training, and a data protection impact assessment before any new processing that is likely to pose a high risk to individuals. Make accountability part of everyday work, and make sure staff know that mishandling personal data has consequences for them as well as for the company.
Like any new legislation, there is a lot to unpack. We would be pleased to answer any questions you may have! Keep your business moving forward by becoming GDPR compliant.