Is your inbox full of emails about changes in privacy and consent policies? The reason could be spelled GDPR (General Data Protection Regulation). If you’re not familiar with the new European Union regulation, check out these five FAQs* first!
- Will it affect my business?
- Will it affect me?
- What should companies be doing about GDPR?
- What is personal data?
- How long until the new regulation applies?
WILL IT AFFECT MY BUSINESS?
The GDPR is issued by the European Union, but one of the key changes (compared to previous legislation) is that it has broader jurisdiction. It applies to EU citizens/residents and any company that collects and processes the data from them – regardless of the company’s location. The regulation denotes controllers and processors of data, with legal obligations placed on both. A controller decides the purpose and means of processing personal data; a processor is responsible for processing the data on behalf of the controller. The regulation applies to both electronic data storage and manual systems alike!
Will it affect me?
The spirit of the new regulation is to protect personal data, giving individuals more control over how, where and who handles their info. It includes the right to obtain info on how your personal data is being processed, to be forgotten (aka data erasure) and to correct your personal information if it’s represented inaccurately. Basically, the previous legislation from 1995 was written for a different era, before the internet and before all our lives went online. The new legislation is more adapted to the concerns felt by many people today and is enforceable in a more concrete manner.
What should companies be doing about GDPR?
First off, take a good look at how you handle personal data. There are six reasons for data collection according to the new legislation. The regulation also states that an organization should only store data for as long as it is needed and in a secure manner – and there are some hefty fines for data breaches. If you don’t already have a Data Protection Officer who is up-to-date on the requirements and has a good overview of data collection/storage, then now’s probably a good time to appoint one! Here's what we're doing.
WHAT IS PERSONAL DATA?
Back in the day, personal data was your name, address and number in a phone directory. Nowadays, a lot more info is out there. The definition includes location data such as IP addresses; medical, economic and cultural information; photos; email addresses; bank details; posts on social networking websites; identification numbers, and even pseudonymised personal data, depending on how easily it can be traced back to the individual.
HOW LONG UNTIL THE NEW REGULATION APPLIES?
There’s been a lot of talk about the new regulation over the last few months, but the GDPR was actually adopted back in 2016. That’s when the EU member states agreed to the final directive text after four years of discussion and preparation. Following a two-year transition period, GDPR becomes enforceable from May 25, 2018. Not many days left, in other words!
* This info is not written by a legal professional and does not constitute legal advice! You'll find more info on data protection here.