Massive changes will happen regarding data protection in Spring 2018. Is your company GDPR-proof? The latest polls indicate that 69% of businesses are not ready. This article lists all the key aspects to deal with to properly tackle this massive shift!
A Law from the European Union
This new Law aims at harmonizing the various laws that prevail across the EU member countries. It will also modernize the legal framework that surrounds privacy protection. The whole EU is finally adapting to the online habits of its citizens.
99 articles lay out the various principles that will govern all companies, whether private or state-owned, that deal with gathering or processing the private data of European citizens by any means whatsoever.
Non-EU companies shall also comply with this piece of legislation when they happen to handle data from EU residents.
This global change will take place on May 25th, 2018. From this day onwards, any company may be subject to compliance checks. If your company is not fully compliant, be ready to bear the costs and ensuing sanctions…
If you suffer any data leak or piracy attack, the GDPR states that you have to report it to the relevant authorities within 72 hours. All persons affected by a privacy breach should also be warned in a timely manner. The European Union is scaling up its legal game to counter the new wave of viruses and cyber-attacks!
Here are the goals of the GDPR:
– Harmonize data protection laws across the EU
– Hold companies responsible by promoting self-control: companies are held accountable for the protection of customer data.
– Strengthen citizens’ rights: the GDPR aims at granting citizens more protection regarding the use that is made of their data. The Law aims at making them more autonomous, and it gives them the tools to take action and get easier access to their personal data.
“The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights […]” Official Journal of the European Union
– Curb abuses through harsher sanctions: if you fail to comply with the law, authorities may fine you up to €20 million or 4% of your annual turnover! This would negatively impact not only your finances but also your brand equity.
What changes to expect?
The GDPR impacts all stages of data processing.
Data collection shall have a precise goal that should be clearly stated. You should get people’s consent regarding how their data is going to be used (audience measurement, advertising…). Transparent information about these processes should be laid out in your legal terms, and forms should have clear opt-in features.
The GDPR strongly regulates profiling to limit any negative consequences that people may suffer from.
“[…] any form of automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning him or her or similarly significantly affects him or her […]” Official Journal of the European Union
Keeping data for an unlimited period of time will no longer be tolerated. Storage time will be limited and should be in line with the purpose for which the data was collected. Data Protection Officers will also have to keep a thorough record of data processing terms.
Anyone whose personal data is collected is automatically granted a series of rights: the right to be forgotten, the right of access, the right of rectification…
An opportunity to strengthen trust
Often thought of as one more constraint on businesses, this new piece of legislation brings many benefits. Beyond the many structural changes to come, the GDPR enables you to create greater perceived value. The GDPR improves and streamlines internal data processing and administrative processes.
The GDPR brings about a positive dynamic around data protection, which is a major source of concern for the majority of Europeans.* Being GDPR compliant is an opportunity to reassure your customers!
*In 2017, 85% of Europeans stated that data protection was a major source of concern (Source: CSA Survey).
Mazeberry is 100% GDPR compliant!
Information privacy and data protection have always been part of Mazeberry’s DNA. This is why we have long focused on enforcing the latest measures to protect our clients’ data.
You can rely on us!
Because images speak louder than words, check our GDPR infographic: