With the new General Data Protection Regulation (GDPR), you may be one of the many business owners who are now carefully assessing business processes and systems to ensure they don’t fall foul of the new regulation when it is implemented in May 2018. Even if you’re safe working on a direct compliance project, any new initiative within your business is likely to include an element of GDPR conformity.
The Basics of GDPR
So what is all the fuss about this new data protection law? GDPR goes beyond protection against the misuse of personal data such as telephone numbers and email addresses. The Regulation applies to any form of personal data that could identify a European Union citizen, which includes IP addresses and usernames. Also, there is no difference between information held on an individual in a personal capacity and in a business capacity – it’s all classified as personal data which identifies an individual and is covered by the new Regulation.
GDPR does away with the convenience of the “opt-out” which is used by many businesses. Instead, applying the strictest of interpretations, making use of the personal data of an EU citizen requires consent that is specific, freely given, and unambiguous. It requires a positive sign of agreement – it cannot be inferred from silence, inactivity or pre-ticked boxes.
It’s this scope, combined with the strict interpretation, that has business leaders in such a fluster. Not only will the business need to comply with the new law, but it may also be required to demonstrate this compliance. Consent may need to be gathered for the specific actions you intend to take. Getting consent just to make use of the data in any form will not be sufficient. Any list of contacts you have from a third-party vendor could become obsolete. Unless the individuals who registered have consented to your business using their data for the action you had intended, you won’t be able to make use of the data.
At first glance, GDPR looks like it could obstruct businesses, especially online businesses. But that’s not the intention. It’s reasonable to assume that emailing and cold calling legitimate business prospects, who are identified through their employer and job title, is still possible under GDPR.
3 Steps to Compliance
- Know Your Data: Despite the flexibility afforded by these mechanisms, particularly in the context of B2B communications, it’s worth mapping out how personal data is collected, held and accessed within your business. This process will help you to discover any compliance gaps and take necessary steps to make adjustments. Also, you’ll need to understand where consent is needed and whether any of the personal data you currently hold already has consent for the actions you intend to take.
- Appoint a Data Protection Officer: This is a requirement under the new legislation if you want to process personal data on a regular basis. The data protection officer is the person who advises the company on compliance with GDPR.
- Train your Team: Giving adequate training on the implications of GDPR to any personnel who have access to data will help to avoid any potential breach. Data protection may be a dull or dry topic, but taking just a small amount of time to ensure employees are informed is very important.
In conclusion – do not panic! GDPR was not put in place to suffocate business. Instead, it exists so that the consumer can enjoy greater protection when it comes to the collection and use of personal data.