A beginner’s guide to the GDPR
The highly anticipated European General Data Protection Regulation (GDPR) launches today, and companies everywhere are scrambling to meet the compliance deadline. The new laws will protect personal data of European Union residents, in the hopes of ‘reducing the severity and frequency of security breaches, and the mishandling / misprocessing of personal data on the web’.
Up until now, companies have been able to collect a wealth of data from their customers and even prospects, without necessarily having a valid use for it. The new regulations are an acknowledgement that this data is valuable, and that customers need to have a say in how it gets used. The GDPR replaces the much more lenient ‘Data Protection Directive’, which was established in 1995 – more than 20 years ago.
GDPR is reflective of a wider shift in the digital age, aiming to rectify laws that can no longer keep up with tech advances. It recognizes that data-fuelled technologies are so ingrained into our society that there must be stricter controls on how that data is regulated.
Who has to comply?
If your company controls or processes data from EU residents, you are required to comply with the GDPR requirements. That includes companies that operate outside of the EU but whose customer base includes Europeans. Fines are quite severe, with penalties of up to USD $25 million or 4% of global annual revenue (whichever is greater).
How to comply
The GDPR outlines all of the data points that are considered ‘personal data’, including (but not limited to): names, email addresses, addresses, and IP addresses. This information can be collected and stored, but only if it is fully anonymized and kept in a way that makes individual identification impossible.
Your customers must be able to clearly see what their data is being used for. They must be able to request a copy of all of their information you have, as well as request to have it deleted. For many companies, it’s likely that becoming compliant will require an informational audit as well as the re-evaluation of current business models and processes – no small undertaking.
Are you ready?
A recent global survey by ISACA revealed that only 1 in every 3 companies will actually be ready by today’s deadline. “Not only are most unprepared for the deadline, but only around half of the companies surveyed (52%) expect to be compliant by end-of-year 2018,” states the report. Perhaps even more concerning is the fact that, “31 percent do not know when they will be fully compliant.”
Those who have achieved compliance, however, can expect significant benefits (beyond the obvious avoidance of harsh penalties). Greater data security and an improved reputation are just a few of the advantages that come with compliance. After a full audit has been done, your business is in the best shape it can be. Risk-averse business leaders who want to maintain this idyllic state can learn more about our Material Information Platform for companies.
Ansarada is proud to be GDPR ready
The main updates include more detail about how and why we use the information we collect about you, how we share it, who we share it with, and your rights with that data. In addition, we have reformatted our policy with clearer language, headings, and links that allow you to find important information more easily.
To learn more about what Ansarada is doing to comply with the new GDPR requirements, visit our website here.