Are you ready for the General Data Protection Regulation (GDPR)? It starts soon, which means that every entity that processes personal information needs to be ready for it. If you aren't aware of what the GDPR is all about, you're in luck. This article will cover everything you need to know about the General Data Protection Regulation. We'll also give you a glimpse into what the GDPR actually is and whether it applies to you or not. We're even going to discuss how it affects data processing and what your business can do to comply.
The General Data Protection Regulation (GDPR) will go into effect all across Europe on May 25, 2018. But what does that mean? The GDPR states that any entity that processes personal information has to follow the principles stated in the regulation. These upcoming changes redefine data protection and the very concept of personal data. Data processing will become transparent and controllable by BOTH parties.
In general, the collection and use of data must be fair. This means that the consumer now has control over their data and how companies use it. The GDPR protects all data from misuse and security breaches; the level of protection required also depends on the sensitivity of the data itself.
Here's the thing, unlike Europe, U.S. laws and regulations tend to favor business over the consumer. The General Data Protection Regulation's charter states that "The protection of natural persons in relation to the processing of personal data is a fundamental right." The GDPR hopes to pave the way globally with a broad, comprehensive law that implements steep fines whenever there is a breach of the GDPR's policies.
The General Data Protection Regulation charter recognizes that data can travel well beyond European borders, so it provides protection to citizens no matter where their data travels, e.g. the U.S. This means that ANY company that has a database that includes EU citizens must adhere to these new regulations. As a result, businesses of all sizes will feel the effects. In order to comply, American companies can either block EU users altogether or put processes in place to ensure compliance.
Essentially the GDPR aims to protect user data in about every way possible. It operates with an understanding that data collection and processing is what most businesses run on. But at the same time, it strives to protect that data as a way to give the consumer ultimate control of what actually happens to it. So, in order to be GDPR-compliant, a company must handle consumer data carefully while providing consumers ways to control, monitor and check their data.
It also means that consumers can delete any of their information whenever they want to. Companies that want to stay in compliance must implement certain actions to ensure that data remains protected. To comply with this requirement, GDPR promotes pseudonymization, anonymization, and encryption.
With pseudonymization, a system might assign a user one identifier for location data and another for browser data. Neither identifier links back to the person on its own; the link exists only when it is combined with the user's date of birth, which is kept separately. The General Data Protection Regulation promotes pseudonymization over anonymization.
According to GDPR, companies need to make sure that customers have control over their data. This means that the data needs to include safeguards in order to protect their rights. At its core, the protection has a lot to do with the process and communications that are done with explicit and affirmative consent on a subject's data.
The GDPR requires any company that handles large amounts of data to hire dedicated personnel to oversee all aspects of GDPR compliance. The Data Protection Officer (DPO) is expected to be in addition to any current IT or data security personnel. DPOs will be answerable for GDPR compliance and liability.
Okay, so yes, the GDPR requires member states to establish supervisory authorities with the power to monitor compliance. But the situation is a little unclear when it comes to countries outside the EU. The truth is that no one really knows how the EU will enforce the GDPR in the States. Unfortunately, we probably won't know until we see the first test case.
The EU-US Privacy Shield framework, created by the U.S. Commerce Department, will specifically help companies comply with transatlantic data protection requirements. But we won't know exactly how it will play out until a U.S. company is found non-compliant with the GDPR.
As of now, it's unclear how prepared U.S. companies really are. Not surprisingly, there's some debate about whether GDPR will cause distress or not. However, there is some evidence that in late 2017, companies began taking it seriously. A survey by security compliance firm TrustArc and the International Association of Privacy Professionals (IAPP) found that 84% of its U.S. respondents expect to comply by May 2.
However, some are trying to avoid the GDPR with preemptive strikes. In April, Facebook changed their privacy settings, stating that they will NOT extend GDPR to their new privacy settings. As a result, the MEP argues that GDPR isn't enough. The feeling is that the EU needs more legal safeguards in place - stating that it's the only way to prevent massive security breaches like the Facebook scandal.
For the most part, it's unlikely that companies will have to adapt their standard marketing processes, such as data mining, location targeting and remarketing. However, they will have to think of new ways to handle data. Businesses that already take the threats associated with user privacy seriously are already ahead of the curve.
Thankfully there are steps that you can take when it comes to developing a plan to stay in line with the GDPR's regulations.
Legal Disclaimer: The information in this guide does not constitute legal advice. This is for informational purposes only, and we strongly encourage you to seek independent legal counsel to understand how your organization needs to comply with the GDPR.
We hope that this has given you some insight into the GDPR regulations starting May 25, 2018. If you have any questions, let us know in the comments below!