GDPR Explained In 5 Minutes: Everything You Need to Know

July 15 12:30 2019

GDPR stands for General Data Protection Regulation. It's a game-changing data privacy law set out by the EU, and it has been enforceable since May 25th, 2018.

But don't be fooled by the law emanating from the European Union. Your company being based in the US or elsewhere won't save it from the (rather hefty) penalties the EU can impose if it falls short of GDPR compliance when handling the personal data of people in the EU. The regulation applies to any organisation that offers goods or services to, or monitors the behaviour of, individuals in the EU, wherever that organisation is established, and the top tier of fines runs to EUR 20 million or 4% of worldwide annual turnover, whichever is higher.

What is General Data Protection Regulation (GDPR)?

GDPR consists of a long list of rules for the handling of personal data, meaning any information relating to an identified or identifiable individual.

The goal of this legislation is to harmonise data protection rules across the EU while raising the level of protection for individuals. It was in negotiation for over four years, was adopted in April 2016 and has applied since May 25th, 2018.

All of the reforms are designed to give individuals greater control over their personal data, while requiring more transparency about how that data is collected and used.

These rules bring the previous legislation, the 1995 Data Protection Directive, up to par with the connected digital age we live in. Since data collection is such a normal and integral part of our lives, both personally and in business, GDPR sets the standard for data-related laws moving forward.

Put simply, GDPR is a regulation that you’ll want to take seriously. Below we dive into what this regulation is, the demands of the legislation and how it could impact your day-to-day business.

GDPR requirements: How to be GDPR compliant

Let's be frank, GDPR compliance is something that the biggest companies in the world grappled with right up to the May 25th, 2018 deadline, and continue to grapple with beyond it.

Even if we distill GDPR compliance down to the basics, there are a lot of requirements you’ll have to implement to make sure you’re in line. Here’s what you should start thinking about:

1. Obtaining consent

Your request for consent must be clear. This means you can't bury it in terms and conditions written in complex language designed to confuse your users: consent must be a freely given, specific, informed and unambiguous indication of the person's wishes, given by a clear affirmative action (pre-ticked boxes and silence don't count). It must be as easy to withdraw as it was to give, and withdrawable at any time. Note that consent is only one of six lawful bases for processing; contract, legal obligation and legitimate interests are often a better fit, and you should not ask for consent where the processing would go ahead regardless of the answer.

2. Timely breach notification

If a personal data breach occurs, you (as the data controller) must notify your supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. If the breach is likely to result in a high risk to individuals, you must also tell the affected people without undue delay. If you are a data processor, you must notify the controller you work for without undue delay after becoming aware of a breach. Failing to notify in time can itself be fined, on top of any fine for the security failings behind the breach.

3. Right to data access

If an individual asks for access to their data, you must provide a copy of the personal data you hold about them, free of charge in most cases (a reasonable fee is allowed only for manifestly unfounded, excessive or repeat requests), within one month, extendable by a further two months for complex requests. If the request is made electronically, the copy should be in a commonly used electronic form. Alongside the data itself, you must state the purposes of the processing, the categories of data, the recipients, the retention period and the source of the data.

4. Right to be forgotten

Also known as the right to erasure, this lets individuals require you to delete their personal data without undue delay where, among other grounds, the data is no longer necessary for the purpose it was collected for, they withdraw the consent it was based on, they object to the processing and there is no overriding legitimate ground, or the data has been processed unlawfully. The right is not absolute: you may keep data you need to meet a legal obligation, to exercise freedom of expression, or to establish or defend legal claims. If you have made the data public, you must also take reasonable steps to inform other controllers processing it of the erasure request.

5. Data portability

This gives individuals the right to receive the personal data they have provided to you in a structured, commonly used and machine-readable format, and to transmit it to another controller, or to have you transmit it directly where technically feasible, so they can reuse it outside your company. It applies to processing based on consent or contract that is carried out by automated means.

6. Privacy by design

This part of GDPR (data protection by design and by default) requires you to build appropriate technical and organisational measures into your processing from the outset, for example pseudonymisation and data minimisation, and to default to processing only the personal data necessary for each purpose. Failing to design your data collection this way is itself an infringement, fineable at up to EUR 10 million or 2% of worldwide annual turnover.

7. Potential data protection officers

In some cases, your organisation must appoint a data protection officer (DPO). The trigger is not company size but what you do with the data: a DPO is mandatory if you are a public authority or body, if your core activities involve regular and systematic monitoring of individuals on a large scale, or if they involve large-scale processing of special categories of data (such as health, biometric or political data) or of criminal conviction data. This applies to processors as well as controllers; outside these cases, appointing a DPO is optional.

About Article Author

GDPR Associates