What is GDPR (General Data Protection Regulation)?
To cut a long story short, GDPR (General Data Protection Regulation) is going to be introduced across the EU on 25th May 2018 to prevent people’s data being used or harvested without their permission. If your website or application uses web forms, sells products, or collects any kind of personal information, you should take note: the previous data protection laws have been strengthened, and businesses need to provide more transparency when declaring how data will be used before it is collected. The EU’s data protection authorities intend to give people more control over how companies use their data. It has become a daily routine for the average person to sign up for services online and give out personal details in the process. Larger corporations such as Facebook offer a free service and are trusted amongst the general public due to being a recognisable household name. However, that same large corporation has been involved with data breaches, such as when the Cambridge Analytica scandal hit the news back in 2016: over 50 million Facebook users’ data was harvested to influence the US election, so the public authorities got involved.
Who does the new law apply to?
The new EU data protection law applies both to businesses operating online in the EU and to businesses outside the EU who use EU-based data. ‘Controllers’ and ‘processors’ of data need to abide by the GDPR. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. So the controller could be any organisation, from a profit-seeking company to a charity or government. A processor could be an IT firm doing the actual data processing.
What kind of data are we talking about?
Any kind of data that relates to EU citizens is affected by GDPR. Name, address, telephone number, email address and IP address are all basic data flows which need to be GDPR compliant when stored. As long as the data source can be identified, data protection rules apply.
Be careful when managing data security
When employing an IT specialist or outsourcing your data management requirements, be careful how the data is managed. You should ensure that information is only used as intended by the data subject, and is not kept in your systems longer than required.
Can you help with our business compliance?
Yes. If we host your website or any other data, we are able to assist with GDPR compliance. Contact us here. If your website or database is hosted elsewhere and you require assistance to make your website or application GDPR compliant, we can also help. GDPR is going to have a ripple effect across your online activity, which will also affect email marketing and social media. Apart from what we can do, we suggest that you read the above article which explains how to be stringent when tackling GDPR. After all, it is possible to get a fine of €20 million or 4% of your annual revenue, whichever is higher! For the small to medium businesses we tend to work with in Sheffield, a fine so high would be catastrophic.