In 2018, GDPR (General Data Protection Regulation) began to be enforced, causing a bit of a shakeup for European businesses. Some global business owners have been asking, “What is GDPR and how does it work?” GDPR is considered to be the most significant change introduced into data privacy regulation within the past 20 years. The introduction of GDPR has caused some concerns for business owners in Europe and overseas.
As businesses attempt to ensure they’re meeting GDPR guidelines, let’s look at what GDPR is.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
THIS IS FOR INFORMATION ONLY AND IS NOT LEGAL ADVICE, PLEASE CONSULT A LAWYER FOR SPECIFIC LEGAL ADVICE RELATING TO YOUR BUSINESS.
YOU CAN READ UP ON GDPR BY VISITING 👉 THE EU COMMISSION WEBSITE.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
A MODERNISATION OF DATA PROTECTION LAW
GDPR is a modernisation of data protection laws in Europe. Things have changed a lot over the past 20 years, with technology playing an essential part in our everyday lives and more so in recent times.
The way data is collected, stored and used has really changed and not necessarily for the better. That’s why GDPR has been introduced. It modernises the law, while also providing a more streamlined approach to data protection.
GDPR has replaced the 1995 Data Protection Directive. While it was still effective, the ’95 directive had become a little out of date.
It took over four years for the European Council and European Parliament to agree to adopt GDPR. It was communicated in May 2016 that the law would come into effect in May 2018, giving businesses 2 years to prepare and make the necessary changes.
SO WHAT’S CHANGED?
You may be wondering what exactly has changed with the introduction of GDPR.
For consumers – it has given them better access and greater control over the data businesses hold about them.
For businesses – there are a lot more rules and regulations to meet on how data can be collected and used.
There’s an article set out within GDPR which highlights the rights of individuals. Some of the key changes include:
- Significant fines for businesses that fail to meet GDPR requirements
- Easier access for individuals to the information businesses have on them
- Clearer responsibility for businesses and organisations to gain consent before storing and using individual data
- Regulators can work together throughout Europe
The fines introduced are considered harsh, with the maximum reaching 4% of a business’s global turnover. This has understandably caused a lot of concern for businesses across Europe.
While GDPR may be complex, it is viewed as a positive step in data protection. Big data has become a huge part of business and it affects practically every sector.
The peace of mind it gives to individuals is fantastic, especially after a lot of recent data protection breaches. However, for businesses, the consequences of not following GDPR are pretty tough.
HOW DOES IT WORK?
Even though GDPR has been in place for a few years, many businesses still have quite a few questions about the changes. How exactly does GDPR work and what do you need to know in order to be compliant? It’s too large a topic to cover fully here, but the main point you need to be aware of is that GDPR affects your website, permissions, privacy, email marketing and some forms of data you hold about your customers/clients.
You will also need to ensure you have a data controller (that could be you if you are a small business). The contact details of the data controller should be made available in your privacy policies in order for you to comply with a request for the deletion of data.
HOW DOES IT IMPACT YOUR EXISTING CUSTOMERS?
One of the main questions businesses have in regard to the new GDPR is how it affects their existing customers. While they know they need to follow the guidelines, it’s confusing knowing whether you can still email and market to your existing customers.
Although the rules are pretty complex, in general, it is safe to continue to market to existing customers providing they opted into the communications. Many businesses have decided to email their existing customers to ask if they do still want to continue to receive communications, which is a good approach to take.
For new customers, who are not already on your mailing list, this means that you have to seek explicit consent from them before you can communicate with them. They give this consent to you by checking a box to say they wish to receive emails from you (note: this box is not allowed to be pre-checked; they must take the action to select the check box themselves).
WHAT RULES DO EMAILS NEED TO FOLLOW?
One of the main changes your business will experience thanks to GDPR is in emailing. If you use email marketing, you’re going to need to be aware of what you can and cannot do.
It’s worth noting that under no circumstances can you email new prospective customers to ask them to opt in to marketing communications.
Even if the customer has expressed interest, you still cannot email them and ask them to sign up. Instead, they need to make the decision themselves.
WHAT SHOULD YOU KNOW ABOUT GDPR COOKIES?
GDPR has also impacted how websites can use cookies and track visitors who are EU citizens. While the use of cookies is only mentioned once throughout the entire 88 pages of the regulation, it’s still important to understand what’s changed.
The main thing you need to know is that cookies which store information that could identify a person are classed as “personal data”. This means you’ll need to follow the guidelines as to how they can be used. You’ll also need to tell website visitors about the cookies collected and what they mean for their privacy. This can be done via a pop-up notification. You have more than likely encountered this on many websites you have visited; they are complying with GDPR, they are not doing this to annoy you!
In summary, if you are a business owner, you need to familiarise yourself with these rules and ensure that you are compliant – no matter where in the world you are based. The best way to do this is to visit the European Commission website.