GDPR – you might have seen it mentioned on the web. You may think it’s a new way to say ARGH! It could be a writer’s attempt to put the sound of grinding teeth into words. Perhaps it’s a form of public relations for Geena Davis.
Or it could be none of these things. And that might be the issue right there. The message isn’t getting to the ears and eyes of the people who need it the most. You or your organisation may be one of those people.
That’s why Webcoda are grabbing GDPR and explaining it for you in terms that might influence how you and your organisation approach your web and online relationships in future.
What is GDPR?
Try not to glaze over. Perhaps a coffee might help? Grab a biscuit to keep the sugar levels high. We know acronyms can seem like yet another beige thing to add to the old brain banks. GDPR stands for General Data Protection Regulation.
Yep, swig the coffee and let’s keep going. It's actually quite fascinating once you get into the swing of things.
The European Union wants to unify how personal data is treated across its member states. In an increasingly data driven world, you may have seen many an article about the variations from one company to another in how they treat your data. Belgium made headlines recently by winning the right to prohibit Facebook from profiling their citizens who weren’t actual members. There are other mutterings too about the sale of personal information, the length and breadth of remarketing efforts and the use of data on individuals as a commodity. What the EU hopes to do with the GDPR is to bring the rights over personal data back to the people.
We all leave a trail of data on the internet. Every search we do and every platform we log into is watched by somebody. This isn’t a wonderful excuse to use Police lyrics in a blog, either. We’re increasingly mapped and mobbed by companies that use our data to create, influence and manipulate our internet experience. You might find yourself checking out a TV show with a friend on Facebook and suddenly find related content popping up in your search. Or in the sidebars of your email.
As users, we’re trackable by everyone from commercial organisations to old girlfriends, policing organisations and anyone who knows how.
The EU didn’t feel so comfortable with this idea. So, they passed the GDPR in April of 2016 to try and restore the balance of privacy and transparency.
This is when it starts to influence us as individuals and companies in real time. May 25th, 2018 is the date the GDPR begins to apply. You need to be ready.
It means a new set of rights for digital citizens. And it means compliance with these rights for non-EU and EU based companies alike.
Why is the GDPR relevant to Australian organisations?
Take a bite of that sweet, sugary biscuit and pop on your “consider this” hat.
The first reason is that if you have any business relationship, marketing, offices or ties to the EU, you will now have to modify your practices to meet the requirements of the GDPR. No longer can companies claim they are governed by their headquarters in Australia or the USA as a means of avoiding the appropriate treatment of data. As the rights are given to the citizens of the EU, corporations have to play second fiddle. Oh, and Brexit doesn’t change this, either. So, it’s time to sit up and take notice.
Secondly, it includes “the right to be forgotten” as part of the GDPR. This means that citizens of the EU can exercise the privilege of not leaving a bunch of biscuit crumbs for marketers and organisations to follow. Google has been delisting search results to ensure compliance. And both those that process data on behalf of a controller of data records (processors) and the organisations that control those records (controllers) are liable.
If data is used in your marketing, creation of personas, provision of products, servicing other clients and more, you need to sit up and take notice. Directly or indirectly, the data buck stops with you when it comes to the EU.
Enforcement is more than spilt milk
You can’t blame people for having a wee bit of cynicism when the world (or sections thereof, in this case) unites to say “NOPE!” There are always conversations about what can realistically be done and how toothless these sorts of ideas can be. Especially in the face of big data hungry entities such as Google and Facebook. However, the enforcement of the GDPR is nothing to sneeze at. Try not to splash any milk when re-loading your tea and get a load of this: There is a tiered approach to fines. If you breach the regulation in a major way, you can pay up to 4% of your global annual turnover or 20 million EURO, whichever is the higher of the two. A lower tier of up to 10 million EURO or 2% applies to lesser failings such as mishandled data or poor record keeping. Cloud providers and other processors are not exempt from the fines. There will be varying degrees of fine based on what has happened, and they can apply to:
- Data breaches – intentional or not
- Mishandling data
- Not having your records in order
- Not notifying the supervising body of breaches
- Not obtaining clear, valid consent from consumers, or making it hard for them to give or withdraw it
- Failing to build privacy by design and by default into your systems and processes
- Misinforming customers of data usage after collection
The list goes on. And the message is clear: you must ensure you know how, when, why and by whom the data you hold on customers in the EU is being used. And you can’t claim ignorance, or blame a leak somewhere else in the chain of organisations handling the data, as a means of ducking penalties.
Any EU customers must know how you are treating their data. And their data can be everything from their photo to their ID, commercial records, medical information, address, email information, social media usage and membership, or the IP address of their computer.
If you offer goods and services to, and/or monitor the behaviour of, individuals within the EU, you must comply with the GDPR, regardless of where your organisation is based.
What should your organisation's approach to GDPR be?
It’s always better to be proactive and review the changes than to decide that being Australian might mean your organisation doesn’t need to worry. As this is about the individual rights of customers, we’re urging all organisations to use this time to review current policies and practices.
Have you run the coffee pot dry and found yourself nervously chewing your fingernails in lieu of biscuits? Don’t let GDPR overwhelm you or your organisation.
While there’s no chance of it not happening or the deadline moving, you can ensure that your business is compliant.
In our next blog, we’ll discuss what is needed to take your EU operations to GDPR friendliness with simplicity and ease.
Can’t wait that long? Call Webcoda for advice on how to overhaul your business to meet the EU’s GDPR regulations now.