The GDPR will come into enforcement on May 25th, 2018. It applies throughout the EU (and the wider EEA), and aims to give individuals more control over their personal data (this includes names, addresses, phone numbers, bank and card details, e-mail addresses and IP addresses, plus any other data that can be linked to an identifiable person), and to create a uniform standard of protection across the continent.
This will change the way businesses collect, store, record and process personal data on a global scale, despite it being an EU law: it applies to any organisation, wherever it is based, that offers goods or services to people in the EU or monitors their behaviour. If ignored, this law can see a business fined up to €20m (around £17.5m), or up to 4% of its WORLDWIDE annual turnover, whichever is higher. So – are you taking notice now?
How It Affects Your Data Storing Practices…
Basically, the new GDPR is designed to ensure that businesses only collect the data they actually need, and only for purposes that are specified, explicit and legitimate. If you are a company that processes personal data, here are some practices that you will need to ensure are being implemented and adhered to:
- All data must be processed lawfully, fairly and transparently, with a documented lawful basis (consent, contract, legal obligation, legitimate interests, etc.) for each processing activity.
- The data collected must be limited to what is adequate, relevant and necessary for the purpose you collected it for (data minimisation).
- All data must be accurate and, where necessary, kept up to date; inaccurate data must be corrected or erased.
- Security measures appropriate to the risk must be applied to the processing of personal data (for example encryption or pseudonymisation, access control, and the ability to restore data after an incident). ‘Appropriate’, not ‘maximum’, is the legal test, but you must be able to show why your measures are adequate.
- Personal data must be kept in a form that identifies the individual for no longer than is necessary for the purpose it was collected for (storage limitation); define retention periods and delete or anonymise data when they expire.
- “The right to be forgotten”: individuals can ask you to erase their personal data, and you must do so unless you have an overriding legal reason to keep it (for example, a statutory record-keeping obligation).
- You must tell individuals how to exercise their rights and how to complain, including their right to lodge a complaint with the supervisory authority (in the UK, the ICO).
- Data on children can only be processed on the basis of consent, for online services offered directly to them, with their parent’s or guardian’s permission. The GDPR sets the age at 16 but lets member states lower it to 13, which is what the UK has chosen.
- ‘Opt in’ replaces ‘opt out’: consent must be freely given, specific, informed and unambiguous, so pre-ticked boxes, silence or inactivity no longer count, and consent must be as easy to withdraw as it was to give.
Does your company comply with all of these? If not, then maybe it is time to review your data processing protocols. If you are not sure, why not take a look at these 12 tips on how to prepare for these new regulations.
GDPR is about protecting personal data, so does that mean it affects business data?
The short answer is yes. There may be some express exceptions when it comes to generic, role-based email addresses such as info@ or sales@, but essentially, if you have the ability to trace an email address (or any other piece of data) back to a living person, then it is ‘personal’. A named business contact such as jane.smith@company.com is personal data even though it relates to her job. Why run the risk? Read more here.
GDPR After Brexit
You may have picked up that GDPR is indeed an EU law. As we know, the UK is not going to be part of the EU for too much longer. The government has confirmed that it intends to keep the GDPR in UK law after the EU break, so fear not: if you change your practices now, they will still be relevant once we are on the other side of Brexit.
e-Commerce Stores and Payment Gateways
Most e-commerce systems process payments outside of the business by way of hosted platforms such as PayPal, Worldpay, Sage Pay and Stripe, so that card details are entered on the provider’s page or captured by the provider’s script and never touch your own servers. This keeps your PCI DSS scope to a minimum (it does not make you compliant by itself; you still have to complete the relevant self-assessment and keep your site from being tampered with). However, if your payments pass directly through your network, i.e. if credit card and bank details pass through your system, you fall into full PCI DSS scope and must meet all of its requirements. If there is a breach of such sensitive data in your network, you may be liable to fines from both the card schemes and the data protection regulator. Make sure you check this out!
What can e-blueprint do for you?
GDPR is daunting, but if you follow a few steps to ensure that you and your staff are aware of the rules and manage personal data securely, transparently and with the care and intent it should be used for, i.e. to the benefit of the individual, then you are a lot further on than most. We can simplify some of this. Here is what e-blueprint can do for you:
- Help audit your online data processing and ensure your clients’ personal data is secure.
- Re-engage the customer and supplier databases held on your CRM so that contacts can opt in again to how you communicate with and market to them.
- Help you to re-engage and check your email database and the data you hold.
- Provide cookie opt-ins (consent banners that do not set non-essential cookies until the visitor agrees).
If you have any further questions, please feel free to call or send us your enquiry.