Did you know that the General Data Protection Regulation (GDPR), which came into force in May 2018, is the harshest privacy and security law in the whole world?
GDPR was created to protect the right to privacy that we all have, but it has certain implications for businesses. If you run a business, you’ll want to be well-versed in the data protection act so you don’t incur large fines for breaching it.
If you are hoping to learn all about GDPR, you’re in the right place. Read on to discover 10 things you should know about it.
1. GDPR Applies to You
Although GDPR was created and implemented by the EU parliament, it still applies in the United States and beyond. If an organization relates in any way to people in the EU, it must abide by GDPR.
2. Define Personal Data
The definition of personal data has broadened to include traditional data such as date of birth, address, and so on as well as non-traditional identification information such as economic and cultural information.
3. No Data is Exempt
Regardless of the type and quantity of information your organization collects, it must follow GDPR by being transparent about data collection and obtaining consent from customers.
4. Data Protection Officer
Under the General Data Protection Regulation, organizations that process large amounts of specific categories of data must appoint a data protection officer to monitor and track that data and to ensure that the organization follows the required protocols.
5. Disclaimer and Consent
Companies must clearly state what information they collect and what they use it for. They must also obtain express consent from the customer before recording that customer’s data.
6. Clear Language
Privacy policies must be written in a way that the average person can understand. They must be easy to find. If your company works with other vendors, your company must also ensure that companies associated with it are complying with GDPR; otherwise, your company could be fined for another company’s mistake.
7. 72 Hours to Report Breaches
If there is a security breach and personal information is at risk, the data protection law requires the company to report it within 72 hours of identifying the breach.
8. Alert Victims
Writing about the breach in a press release, for example, does not count. In the case of a breach, the company must specifically inform each individual it affected.
9. No One Size Fits All
Although all companies must comply with GDPR, the type of compliance required depends on factors such as the size of the company and the type of personal information it collects.
10. Consequences of Non-Compliance
The consequence of non-compliance depends on the severity of the infraction. You could face hefty fines amounting to millions of euros.
General Data Protection Regulation: The Summary
The General Data Protection Regulation is demanding when it comes to dealing with personal information. It requires companies to respect their customers’ data in a transparent way.
This is important because our personal information is a crucial part of our identities, and it should be protected as such.
If you are looking for an appropriate way to deal with the personal information you collect, please contact us to discuss your needs and goals.