GDPR – The Impact On Gathering Information
In May 2018, the General Data Protection Regulation (GDPR) came into effect. The legislation replaced the previous data protection law in the European Union (EU). It unified laws that protected the collection and use of personal data across the trading bloc.
It also sets out new rules on how personal data can be collected, used and stored.
While it is an EU law, it does affect organisations worldwide as data is collected whenever anyone lands on a website. So, unless you can block traffic from the EU, you need to be compliant with GDPR.
How Does GDPR Affect You?
For starters, there aren’t many changes in some respects. For instance, information such as names and email addresses already had protection in the EU and across the world. What GDPR does is add regulations for IP addresses, types of cookies, member identifiers and other types of data that can track customers.
If any information can be used to accurately identify a person, then it is regulated. For instance, cookie IDs and advertising IDs are no longer anonymous data. It is important to realise that any data collected for your business must have a justification. There are six types of justification. These include:
- Legal compliance
- Protecting the interest of the person
- Public interest
- Legitimate interest
Accountability Is Key To GDPR
One of the major themes of GDPR is accountability. All businesses should document what personal data they hold and consider what areas are at risk. To make your life easier, and ensure you don’t miss anything, you should perhaps treat all online identifiers as personal data.
You should also look to run an information audit. This will help you monitor what information you’re collecting and how it is used.
You should also look at who is responsible for data in the organisation. There should be someone in your business who handles all the data jobs. This includes assessing how you obtain data, knowing how it is used and dealing with information requests.
In bigger companies, more than one person can handle the workload, but one person should be responsible.
Security Is Key To GDPR Compliance
One of the major issues companies might struggle with under GDPR is that you have to make sure the data is protected. While this should already be a concern for your business, many businesses over the years have struggled to ensure their systems are secure.
Just in recent weeks, Facebook has faced allegations of a data breach, and so have many others. Smaller businesses face major issues, as they often don’t have the funds or technical expertise to protect their data as well as large organisations. Plus, smaller businesses find it more challenging to detect data breaches.
Therefore, you need to ensure that you have the right software in place to protect your data.
Third Party Suppliers
In addition, any third-party vendors you use that may collect information on your behalf need to be following GDPR regulations. If data about your customers is stolen from them, then it’s you who is responsible. So always check that they are following GDPR regulations.
Most should already have this information as part of their privacy policies and other legal documentation. If they don’t, then you need to press them for more information. If they don’t think they require it, then it’s better if you move suppliers, because you’re responsible, not them.
GDPR is a new piece of legislation that requires you to change the way you handle data whether you trade within the EU or not. The risk of someone in the EU visiting your site is just too high and the ramifications for not following GDPR are just too much of a risk.
So consider, how do you collect, process and store data? How do you share that information? And then work out whether your systems are secure enough and if you have a justification. Be GDPR compliant and keep your business safe.
Are you GDPR safe? Did you realise you’re responsible for third-party vendors holding data for your company?
Let us know in the comments below.