If you own or operate an international business, you’ve likely had internal discussions about the General Data Protection Regulation (GDPR), which took effect May 25th. This is a data privacy effort developed in the European Union (EU). Why is it important? Violate it and fines for not being GDPR compliant can reach up to €20 million or 4% of global annual turnover!
Let’s go over what personal data is and what it means to be GDPR compliant.
According to the European Commission, Personal Data includes name, address, location, online identifier, health information, income, cultural profile, and more.
Now that we have defined Personal Data, let’s figure out what we can do with it, with help from the EU. Use these guidelines when interacting with customers or prospects.
Use plain language. Tell them who you are when you request data. Say why you are processing their data, how long it will be stored, and who receives it.
Get clear consent to process the data. Collecting data from children? Check the age limit for parental consent.
Access and Portability
Let people access their data and allow them to give it to another company if they so desire.
Inform people of data breaches, and make sure they know when there is a significant risk of one.
Give people the ‘right to be forgotten’. Erase their personal data if they ask, but only if it doesn’t compromise freedom of expression or the ability to do research.
If you use profiling to process applications for legally binding agreements, you must:
- Inform your customers
- Make sure you have a person, not a machine, checking the process
- Offer the applicant the right to contest the decision if the application ends in a refusal
Give people the right to opt out of direct marketing that uses their data.
Safeguarding Sensitive Data
Use extra safeguards for information on health, race, sexual orientation, religion and political beliefs.
Companies have some common questions about GDPR. Here are the most frequent.
What happens if your business isn’t compliant?
If you are found to be non-compliant, you will receive a warning. If you are still not compliant after your initial warning, you will be reprimanded and suspended. If you are still non-compliant, you risk paying the aforementioned fine.
What if my website doesn’t have a European audience?
The EU did not create these new standards to make life harder for business owners, but to build more trust between a business and its customers. With so many recent data breaches, it is harder for people to trust businesses with their personal information. So even if you don’t do business in the EU and have no chance of being fined, being GDPR compliant will help build trust in the business-client relationship. And you will be confident, knowing your customers’ data is secure.
What do I need to do to be GDPR compliant?
Most third-party services like WooCommerce, WordPress, and MailChimp are already a step ahead of you. You may have received an influx of emails from these services and may have deleted them without even looking at them. Well, those emails contain key information on the updates or steps needed to become GDPR compliant.
Your first task is to make a list of the platforms you use to collect your customers’ personal information. Once you’ve created this reference, go to each company’s website, where you will find information about how to make sure you are compliant.
Determining the next steps depends on what type of business you have, and where you operate. For the answers to all of your questions, here is a link to the EU’s website.