GDPR – General Data Protection Regulation
What is the GDPR?
GDPR – the General Data Protection Regulation – is a new EU regulation intended to harmonise and strengthen data protection within the EU. The regulation comes into effect on 25 May 2018, giving organisations time to adapt to the changes. GDPR will replace the outdated Data Protection Directive, which has many gaps as a result of the rapid advancement of technology since 1995, when the directive was written.
The GDPR will cover all countries that process or hold the personal data of EU citizens, whether or not that country is a member of the EU. This means that Britain will still have to abide by the GDPR despite the result of the EU referendum at the end of June.
Most important changes
Some of the more important changes to legislation as a result of the GDPR are:
- The fines for not complying with the law can reach a maximum of 4% of a business's global annual turnover or up to €20,000,000. However, for a first accidental infraction only a warning would be given.
- Data protection must be designed into the business services themselves, so that data protection is carried out from the start to the finish of the involvement with the customer.
- Multinational companies that operate across the EU will need to employ an independent data protection officer who is able to manage the IT systems and is familiar with the legal requirements of the GDPR.
- All personal data must be erasable on request if a client no longer wishes you to be in possession of their details. Once a request is made there is a period of one month in which to erase the data.
- Clear consent must be given for any personal data that is to be collected and processed. Where the data subject is under 16 years of age, this must be consent from the child's parents. Consent can be withdrawn at any time.
How to deal with the GDPR
It is important to ensure that all data held by a company has a known source, a way of determining the age of the person the data is collected from, and a recorded form of consent that allows lawful collection or transfer. It is also necessary to ensure that the security protecting the data is strong enough to meet the requirements of the GDPR, as stronger security measures will be needed.
One of the easiest ways to prepare for the GDPR is to ensure that you are sourcing your data and telemarketing needs from a reputable, reliable and transparent company, as this will tick many GDPR boxes. That company would itself have to be GDPR compliant, ensuring that consent has already been obtained and that much of the required data protection is already built into its services.
Predictive coding technologies can also be used to ensure that only the required information is gathered, which helps with designing data protection into the services themselves. The same technology can also make deleting personal information a much more efficient and thorough process.
Employing a data protection officer as soon as possible would also aid preparation greatly: not only does it fulfil a requirement of the GDPR, the officer could also make an early assessment of processes and systems to check for compliance.
As technology changes, so must the legislation. While the GDPR may make some processes more difficult for a large number of businesses, it is a necessary step to protect the growing amount of personal information available online from people who could use that data for harmful purposes. As the volume of available data increases, it will become even more important to make sure that your data comes from a reputable and reliable source, most likely alongside new regulations as new technology is developed.