GDPR aka General Data Protection Regulation.
Those shoes you just bought online, how much of your personal info did you give in order to buy them? The bank you’re with, your address, your social media? We give away an immense amount of our personal life to the internet. GDPR will basically replace the Data Protection Act 1998 and means that, as consumers, we now have the right to know who is storing our personal data, what is being stored and why, where businesses are keeping it and how they’re deleting it.
Who and where?
This will be implemented across the whole EU region and applies to companies that store or process personal data.
The new act will help protect individuals: it will reduce things such as targeting specific customers based on assumptions, help to protect identities and ensure that data is being used lawfully. Tasks such as reviewing your own privacy notices, knowing what personal data you’re storing and how you go about deleting it should all be handled before the deadline to avoid being fined.
One of the simplest ways in which you can become GDPR compliant is by adding a tick box directly telling your customers that you want to store their personal data. For example, “I agree, by providing my details I give permission for this brand to add me to their database and contact me in the future with relevant updates and news.” Do you have a contact form? Do you have user accounts? How long are you keeping data before it’s deleted? These may sound like simple questions, but they will ensure you stay within the regulations of the new act. And whatever you do, don’t copy and paste from other privacy policies.
In 2012 the British Pregnancy Advice Service was hacked. As a result of its inefficient personal data collection and storage, the hacker gained access to over 5,000 contact forms in which women could inquire about abortions. Luckily he was arrested before he could share the women’s data publicly, leaving the BPAS with a heavy fine.
Ultimately, GDPR means individuals now have rights such as being informed, objecting and accessing their personal data whenever they want. Use this as an advantage to show your employees and customers that you really care about protecting their personal data.
Check out the GDPR masters for some expert advice.