GDPR came into force on May 25 and the build-up to its introduction generated a flurry of activity among businesses, all wanting to make sure they’re compliant with the new legislation.
Widely reported as being the most important change in data privacy regulation in 20 years, GDPR is aimed at putting individuals’ privacy first and has replaced the existing Data Protection Regulation 95/46/EC.
Surprisingly, despite widespread global speculation and debate about GDPR in the lead-up to its introduction, it would appear that now it’s here, very little is being said about it. And, now that the influx of GDPR-related emails has died down, you could be forgiven for forgetting that it’s even in place.
But it is. So, what does this mean for businesses?
Well, if you haven’t already done so, it’s important that you’re fully up to speed with GDPR and what you need to do in order to maintain compliance. Failure to do so can result in companies being significantly penalised. They can receive either a standard penalty of €10m or 2% of their annual global turnover, or up to a maximum of €20m or 4% of their annual global turnover, whichever is greater.
GDPR stipulates that personal data must be used fairly, legally and transparently. It must also be collected for specific purposes – and used only for those specified purposes. All data must be deleted when it’s no longer being used for its initial, intended purpose. Your existing CRM or other systems may be able to help you fulfil these document compliance requirements or it may be that you need to invest in an alternative to ensure you prioritise customer needs, treat online data respectfully, and effectively manage customer information.
Complying with GDPR can be daunting for businesses, especially smaller companies, given the widespread confusion regarding the specifics of the new rules and what the requirements actually mean on a practical level. But that doesn’t mean it should be ignored.
The Supervisory Authorities enforcing the new regulations recognise there may be a bit of a learning curve involved, particularly for SMEs. The important thing is to take action straight away and show that your business is striving to understand its personal data, data usage and accountability requirements sooner rather than later.
For more information about GDPR, check out our blog, ‘The GDPR countdown is on: The essential Q&A for businesses.’