As you’ve probably noticed with pretty much every website you visit nowadays, you can’t actually access the site until you’ve given the site owners permission to access your data. This is all thanks to the recently implemented GDPR laws. GDPR, or the General Data Protection Regulation, was created in order to regulate how businesses in the EU use the personal data of people who visit their websites. Your personal data consists of things such as your email address, your age, your gender, your sexual orientation, your place of occupation, your date of birth, social media history, viewing history, and much more besides. Even though GDPR has now been around for close to a year, many people are still unclear about what it actually is and why it’s beneficial. Here’s a look at 7 important facts to know about GDPR.
As hard to believe as it may be, GDPR is fast approaching its very first birthday. That’s right, it’ll soon be the one-year anniversary of when GDPR was first implemented. We’re now so accustomed to granting websites permission and consent to use our personal data that we barely even notice anymore. This time last year, however, none of that was needed. GDPR came into effect on May 25th, 2018. Time really does fly.
Now that GDPR is in full effect, we would hope that you have done what was necessary to ensure that your business and website comply with the laws, rules, and regulations surrounding GDPR. If not, you need to rectify that ASAP. It was clearly stated, well in advance of GDPR being enforced, that businesses failing to comply with the rules set out by GDPR could incur potentially serious penalties. So how much? Well, that would depend on how large your business is and how much revenue it generates. Your business would face fines of up to €20 million or 4% of the business’s total worldwide turnover. Yikes! That’s a lot of money for failing to insert a quick disclaimer and consent box onto the homepage of your website. By the way, GDPR is far more complex than that, but hopefully you get the point we were trying to make.
We’re living in an age where cyber criminals are becoming smarter and more advanced than ever. This is potentially worrying because more and more of our everyday tasks are now performed online. We pay for items online by entering our banking details, we get paid online, and we do our banking online. The last thing we want is for our private details to fall into the wrong hands. Without naming names, in the past there have been a number of high-profile data breaches at large and established companies that have cost customers a lot of money, time, and stress. If your business were the victim of a data breach, you would likely want to keep that information quiet, as it doesn’t reflect well on you. Thanks to GDPR, however, that’s no longer possible. GDPR has imposed a duty on all businesses and organisations to report specific types of data breaches to the relevant authorities and governing bodies. These breaches must be reported within 72 hours. All people affected by the breach should also be notified within 72 hours. Failure to do so will result in hefty fines and penalties, and possible legal action.
Without mentioning the B word (Brexit, in case you were wondering), GDPR applies to each and every registered organisation within the EU, and to those that have a subsidiary or establishment located within the EU. So, does that mean that those in the USA are exempt? No, it does not. You see, GDPR also applies to organisations that offer goods or services to individuals located in the EU. So, if you operate an e-commerce store that ships goods overseas to countries in the EU, you’d better make sure that your business is compliant with the rules, laws, and regulations applicable to GDPR.
In the past, if an individual wished to access the data that certain businesses and organisations stored about them, they would need to pay the business or organisation for the privilege. It sounds scandalous, but that was simply how it went down. Now, the balance of power has tipped back in favour of the consumer. Customers are legally entitled to request the information about themselves being held by the business in question, and the business must hand it over. Failure to do so will again result in hefty penalties and fines, and the risk of facing criminal charges. Best of all, businesses are no longer legally allowed to charge money in exchange for releasing the information in question. Organisations will have just 30 days to complete the request and release the requested information.
According to recent research, it is estimated that around 22% of all organisations are still not aware that they need to comply with the rules and regulations laid out by GDPR. Most of that estimated 22% are actually located outside the EU, but they still offer goods and services to customers inside the EU.
It has been found that GDPR is primarily affecting businesses in the technology sector. In fact, 53% of all tech-based businesses are affected by GDPR, though this is not necessarily a bad thing. Online retailers are next in line, coming in at 45%.