Over the past week or so, you’ve probably been seeing a lot of emails come into your inbox asking you to re-confirm your subscription to a certain newsletter or business’s online resources. This is because of changes to data protection regulations in the European Union. Now you might wonder, “I’m not in the EU, how does this apply to me?” Well, we are going to break it down and explain how you can implement it to make your customers here feel more at ease. Undoubtedly, other countries will follow suit with similar regulatory changes.
What is GDPR?
The General Data Protection Regulation (GDPR) defines a set of rules and regulations on data protection enforced on all individuals and businesses within the twenty-eight member states of the European Union (EU). Adopted in April 2016 by the European Parliament to replace the outdated data-protection standards of 1995, the GDPR is aimed at setting a new standard for data rights and privacy, addressing the issues of exporting private data out of the EU and giving individuals control over their personal information.
Scope and where it is applicable
Although initially structured only to affect citizens in the member states of the EU, the GDPR has without doubt equally impacted countries outside of Europe. Because its principal goal was to regulate the online business environment, and so support EU businesses at home and abroad, the GDPR’s coverage extends to foreign companies processing the personal data of residents of the EU member countries.
Because almost every online social, business and marketing platform is built on and requires online data such as personal information and credit card numbers, the GDPR applies to every marketing and social platform requiring personal data.
In summary, most companies in the European Union, as well as many other international companies, are impacted by GDPR compliance, since in one way or another they all impinge on the rights of data subjects.
Why change the rules?
While there were already rules protecting data, namely the Data Protection Directive 95/46/EC of 1995, many thought these were outdated. This was because:
- Over forty-three percent of online users do not want their personal information to be accessible to companies.
- About fifty-seven percent of Britain’s online users are uncomfortable about sharing their personal information.
- More than fifty percent of fraud-related incidents in the past year were cyber-related.
- The former data-protection rules restrained digital business and marketing advances.
- The new rules will harmonize data-protection regulations in the European Union, enabling businesses in and out of the EU to adhere to the regulations, as well as making consumers more comfortable about the control they have over their data.
Advantages to Consumers
Aimed at being consumer-friendly, the updated GDPR presents several advantages to users, among which are:
- Consumers will be more confident and trusting about their investments and where they share their information.
- Consumers will have the right to demand the data that businesses and enterprises hold on them.
- Businesses will improve their customer service, improving how they manage their clients’ information.
- Enterprises will strive to gain and build trust by adhering to the GDPR.
Impact on Businesses
Slated to be implemented from May 25th 2018, it goes without saying that the GDPR will greatly affect the manner in which businesses process and store both client and employee information, at the risk of paying severe penalties should they fail to comply. Within the UK alone, a significant number of small business owners appear to be unprepared for the change, probably because they are unaware of the consequences of non-compliance with the regulations.
By harmonizing data-protection regulations in the European Union, the GDPR enables non-European businesses to adhere to its regulations. This is especially necessary as there are penalties for non-compliance reaching €20 million or more, applied globally. Also, because it is a regulation, it is applicable and binding without the need for supporting legislation by any national government.
In addition, compliance with the GDPR has specific criteria, among which are: the business must have a representative in an EU country or use the personal data of European citizens or residents, and have a minimum of two hundred and fifty employees. The GDPR also applies if, despite there being fewer than 250 employees, the data processing impacts the rights of the data subjects.
While statistics have demonstrated that many companies have ignored the potential impact of GDPR compliance on their businesses, it is obvious that the impact of the GDPR on businesses will require improvements in how customers’ data are processed, stored and protected. Not only will there be a need for consent from the individuals concerned, businesses will also be required to delete personal data upon request, as well as report any cases of data breaches within three days.