What is GDPR and what does it mean?
The new EU legislation influences the way we work worldwide. In this article we explain what the new EU privacy legislation is, how it works and why it works as it does.
What are the consequences of GDPR? How can your company, whether or not based in the EU, comply with these new regulations? GDPR influences contact with customers, but how?
The way you handle personal data has now changed and this applies to both prospect and customer data. We are talking about bank details, contacts, addresses, everything you put on social media. Even your IP address and the websites you visit are digitally stored.
Companies say they collect this kind of information to serve you in a better way, to send you more targeted and relevant messages, all to offer you a better customer experience.
But do they really use that data for that purpose, and only for that purpose?
This is the question the EU asked and answered, and it is why a new European privacy regulation called GDPR came into force in May 2018. It changes the way you collect, store and use customer data as a company.
- In a survey of more than 800 IT and business professionals responsible for data privacy, Dell and Dimension Research found that 80% of companies know little about GDPR.
- TrustArc recently discovered that only 20% of companies think they now comply with GDPR legislation.
- More than 1 in 4 companies (27%) have yet to start ensuring that their organisation complies with GDPR regulations – even though 25 May passed a few months ago!
In this article we want to make clear what GDPR is and what it means for your company, and we give practical tips to prepare you for it.
Your Rights Under GDPR:
- Permission is required
Companies are not allowed to process a person's personal information unless they have that person's voluntary, specific, informed and unambiguous consent, in the form of a statement.
- Right of inspection
People have the right to access their personal data and the right to know how data about them is collected and how the company uses it. The company must provide a copy of the personal data in electronic format free of charge if the person requests this.
- The right to have data deleted
If a person is no longer a customer or no longer gives permission to use his personal data, his data must be deleted.
- The right to transfer data
Persons have the right to transfer their data to another service provider. This must be done in a commonly used and computer-readable format.
- The right to be informed
This applies to all types of data collection by companies; the person must be informed before the data is collected. Customers must give explicit permission for the collection of their data. This permission must be given voluntarily; it cannot be tacitly assumed.
- The right to correction of information
This assures a person that he can have his data changed if it is outdated, incomplete or incorrect.
- The right to limit data processing
People can demand that their data is not processed. Their file is then maintained, but may not be used.
- The right to prevent the data from being processed for direct marketing
No exceptions to this rule are possible; any processing must be stopped as soon as the request has been received. The person must be informed of this right at the start of the communication.
- The right to be notified
If the security of the personal data is potentially at risk due to a data leak, the person has the right to be notified within 72 hours after the leak has been detected.
With GDPR, the EU wants to give more power to individuals, prospects, customers, temporary and permanent employees over their data. This, in turn, means less power to organisations that collect and use such data for monetary gain.
It is not an attempt to make it difficult for companies or to make work impossible for them, but the way in which personal information is stored and used must become transparent.