Over the past few weeks, you may have received a flurry of emails from companies that you’ve purchased from or are subscribed to – all informing you of updates to their privacy policies.
If you haven’t already heard, that’s because a European privacy regulation called the General Data Protection Regulation (GDPR) came into effect on 25 May 2018.
What is the GDPR?
The GDPR is a regulation that protects the rights of citizens in Europe when it comes to their personal information. This means that while you can still collect users’ personal data, you’ll need to be a lot more mindful of how you use that data – especially if you’re profiting from it.
The penalty for non-compliance can be high – up to 20 million Euros – so be sure that you maintain compliance throughout your business’s lifetime (and do not neglect this aspect of your operations after putting in all this hard work at the beginning).
What rights does the GDPR cover?
These are the 8 personal rights contained in the GDPR that every business must comply with. Make sure your company complies with all 8 requirements, and continues to do so after updates to your systems, software, or business processes.
- The right to access: Individuals must be able to access their personal data at any time, and know how their data is being gathered and used. Make sure you communicate this requirement to all your staff, especially those in customer-facing roles.
- The right to be informed: When it comes to gathering users’ data, implicit consent is no longer applicable. Your users need to give their explicit consent in the form of opt-in forms or other methods of consent.
- The right to have information corrected: Under the GDPR’s regulations, you must give users a way to update their information at any time.
- The right to data portability: Your users have the right to transfer their personal data to another service provider. What this means for you is that your user data has to be in a readable format that another service can understand when they receive it.
- The right to restrict processing: Even if you collect a user’s data, they can now maintain the right to restrict your business from processing it. This means that you can have it on record, but cannot use it.
- The right to object: Users have the right to object to their data being used for direct marketing purposes at any time, and when requested, you must stop using their data for this purpose immediately. A simple solution for this is to include an “unsubscribe” option in every marketing email you send out, and possibly include a way to do this on your website or via email as well.
- The right to be notified: If your business has been hit by a data breach that may have compromised user information, you must inform your users of this within 72 hours of the breach.
- The right to be forgotten: Just because a user or customer has given their consent once does not mean that consent lasts forever. If any individual wishes to leave your service, they may withdraw their consent and ask for their data to be deleted.
Keep everyone in your business updated
The GDPR affects everyone, not only companies in the European Union (EU). Even if your business is based outside of Europe, you could have European users that make your business fall under this regulation. Be sure to communicate these requirements to everyone in your organisation – whether they’re in the same office as you, are contractors who work remotely, or are based overseas. Doing so is simple, with video conferencing tools from Angage that make online meetings just as effective as (and even easier to set up than) face-to-face meetings. Need more help understanding the GDPR or audio/video/web conferencing solutions? Speak with your local Angage team for a friendly (and free) consultation session.