24 April 2018
GDPR : The General Data Protection Regulation
Data is the new gold, so protecting it is crucial. Companies must comply with new EU rules around privacy and data use - the General Data Protection Regulation (GDPR) – by 25 May or face the consequences. What means GDPR for companies and for customers ?
- Launch 25 may 2018 for all companies that process personal data of individuals in the EU
- New rights for consumers like the right of consent or erasure
- Bigger fines for companies who fail to comply with the law
The GDPR was designed to, 'harmonise data privacy laws across Europe, protect and empower all EU citizens' data privacy and reshape the way organisations across the region approach data privacy'.
In other words, it will make EU member states fit for the digital age.
Published by the European Commission in May 2016, the GDPR gives all organisations in the EU that process personal data (so not just private organisations, but hospitals, local councils and a raft of other organisations), two years to comply.
'A significant impact'
So what exactly is changing?
The GDPR, which replaces the previous data protection directive, regulates the way personal data is processed.
By processing we mean collecting, storing, using, sending and deleting data, which might belong to customers, employees or suppliers. This data includes information about customers' transactions, their contact information, copies of their passports etc.
Customers will have more control as they are better informed of why and when companies are processing their data and they can exercise their individual rights based on this more detailed information.
And if companies don't comply?
There is already a data protection policy in place, but the GDPR makes it stricter and more explicit.
Fines can be imposed if companies breach these data privacy and protection rules.
They are higher than ever before – up to 4% of a company's global turnover per event.
So, two big reasons to comply for companies: the fines and their reputation.