With the new General Data Protection Regulation (GDPR), you may be one of the many business owners who are now carefully assessing business processes and systems to ensure they don’t fall prey to the new regulation when it is implemented in May 2018. Even if you’re safe working on a direct compliance project, any new initiative within your business is likely to include an element of GDPR conformity.
The Basics of GDPR
So what is all the fuss about this new data protection law? GDPR goes beyond protection against the misuse of personal data such as telephone numbers and email addresses. The Regulation applies to any form of personal data that could identify a European Union citizen, including IP addresses and usernames. Also, there is no difference between information held on an individual in a personal capacity and in a business capacity – it’s all classified as personal data which identifies an individual and is covered by the new Regulation.
GDPR does away with the convenience of the “opt-out” which is used by many businesses. Instead, applying the strictest of interpretations, making use of the personal data of an EU citizen requires consent that is specific, freely given, and unambiguous. It requires a positive sign of agreement – it cannot be inferred from silence, inactivity or pre-ticked boxes.
It’s this scope, joined with the strict interpretation, that has business leaders in such a fluster. Not only will the business need to comply with the new law, but it may also be required to demonstrate this compliance. Consent may need to be gathered for the specific actions you intend to take. Getting consent just to make use of the data in any form will not be sufficient. Any list of contacts you have from a third-party vendor could become obsolete. Without the consent of the individuals who registered for your business to use their data for the action you had intended, you won’t be able to make use of the data.
At first glance, GDPR looks like it could obstruct businesses, especially online businesses. But that’s not the intention. It’s reasonable to assume that emailing and cold calling legitimate business prospects, who are identified through their employer and job title, are still possible under GDPR.
3 Steps to Compliance
In conclusion – do not panic! GDPR is not put in place to suffocate business. Instead, it’s for the consumer to enjoy greater protection when it comes to the collection and the use of personal data.