GDPR is Knocking on the Door. Are you Prepared?

GDPR – probably the topic most commonly discussed by companies and marketers over the past few weeks. Put simply, the General Data Protection Regulation is the outcome of the EU’s actions to strengthen and unify data protection for individuals and give them back control over how their personal data is used. Organizations and agencies are now doing their best to comply with all the rules and requirements regarding personal data and privacy protection. If you rely on the Internet to operate your business, you will definitely be affected by the changes that take effect after 25th May 2018. There are quite a few things you should know and take into account if you want to avoid huge fines and losses. Here is your to-do list to prepare for the upcoming changes and communicate properly with your existing and potential customers.

What you should know:

  • GDPR is a single common regulation for the whole European Union
  • GDPR will be applied to all EU member states at the same time
  • GDPR applies to companies that: have a subsidiary within the EU; sell goods and services to EU residents; monitor and analyze the behaviour of EU residents
  • “Personal data” means: names; photos; e-mails; posts on social media; IP address; bank details; medical information, and any other information that allows a person to be identified directly or indirectly
  • The way you implement the regulations is being monitored and controlled by a data regulator assigned within every member state
  • Not complying with the regulation could result in fines of up to €20 million or 4% of the global annual turnover of your company

What you should do:

  • Audit the personal data you have: where it is stored; how it is processed; how you inform people about it
  • Keep records of all the processes of accessing and using personal data by individuals or software within your organization
  • Be able to guarantee and prove that the personal data you handle and process is secured
  • Identify the data regulator in the country where your company operates
  • Ask your customers for their unambiguous consent when you want to use their personal data
  • Be able to prove you have a person’s consent to process their personal data
  • Tell your customers about all the processes and purposes you want to use their personal data for, and the terms for data usage and storage
  • Make sure the data you collect is necessary and shows the legitimate interest of the individuals in your business
  • Ask your customers before providing their personal data to third parties
  • Be ready to provide a copy of all the personal data you have of a person in case they request it
  • Be able to delete all the personal data you have of a person if they ask for that
  • Be able to report any identified data breaches to data regulators and customers within 72 hours
  • Train all employees within your organization that will have access to any personal data
  • Update all the systems that handle and process personal data within your organization
  • Appoint a data protection officer in case your company deals mainly with data monitoring and processing
  • Make sure your suppliers and partners can handle the personal data you provide them properly
  • Revise your marketing activities – do not approach individuals who have not shown legitimate interest in your marketing activities; make your marketing more transparent so that your customers can really notice the value you bring to them; from now on you need a person’s consent to start advertising to them, not their request to stop doing it

Can you neglect the GDPR?

Implementing the GDPR is neither a recommendation nor a piece of advice. It is a must for every business that deals with individuals who are residents of the EU. Not complying with the new rules after 25th May 2018 is very likely to result in fines and high levels of financial and other losses for businesses. Furthermore, initiating the above changes in your business activities would give you a better position among your customers. Do you need another reason to start acting now instead of waiting for the deadline? If you need any assistance or consultancy about GDPR and your hosting/domain business, do not wait any longer and contact ApiHawk.