Now that the EU’s General Data Protection Regulation (GDPR) has come into force, it’s critical that all organisations – even those operating on other continents – understand their obligations under this far-reaching legislation.
Wired.com calls GDPR “one of the most robust data privacy laws in the world”. It’s certainly good news for consumers, who now have the right to ask companies:
- How their personal data is collected and stored
- What their personal data is being used for, and on what legal basis
- To correct or delete their personal data
Companies also need a lawful basis for every processing activity. Consent is one of those bases (others include contract, legal obligation and legitimate interests), and where you rely on it, the consent must be freely given, specific, informed and unambiguous, and you must be able to demonstrate that it was given. Explicit consent is required for special categories of data such as health or biometric data.
But how does it impact companies? Will it affect the way you do business and change the way you engage with your customers and potential customers? The simple answer is, “Yes”.
Does the GDPR apply to you?
If your organisation is established in the EU, or it offers goods or services to people in the EU or monitors their behaviour (for example through website analytics), then this complex new regulation applies to you, wherever you are based.
Under GDPR, personal data is defined as “any information relating to an identified or identifiable natural person”. This includes indirect identifiers such as email addresses, IP addresses and cookie IDs. If you collect, store, transfer, use or delete this type of data relating to people in the EU, you are either a data controller (you decide why and how the data is processed) or a data processor (you process it on a controller’s instructions), and in both cases you need to make sure you comply.
At its core, the GDPR aims to ensure that personal data is:
- Collected for specified, explicit and legitimate purposes
- Processed lawfully, fairly and transparently
- Accurate and kept up to date
- Limited to only that which is necessary for the purpose
- Kept no longer than necessary
- Protected against unauthorised access, loss or damage by appropriate security measures
Are your compliance efforts up to scratch?
If you are not sure whether the GDPR affects your business, or whether your GDPR compliance programme will withstand scrutiny, we recommend that you get in touch with your legal expert or a GDPR compliance officer as soon as possible to ensure you understand your obligations in full.
The consequences of non-compliance are daunting. Fines are tiered by the type of failure: up to €10 million or 2% of worldwide annual turnover for breaches such as inadequate security or record-keeping, and up to €20 million or 4% of worldwide annual turnover for the most serious infringements, such as violating the core principles or the rights of individuals. In each case the higher of the two amounts applies.
GDPR compliance checklist: how are you doing?
- Your privacy notice and policy
A privacy notice explains how your company applies the data protection principles when processing personal data. It should be clear, user friendly and easy for everyone to access. You need to be transparent about the data you collect, the lawful basis and purpose for each use, how long you keep it, who you share it with, and how people can exercise their rights. Ask your legal expert to assist you with drafting it.
- All forms should have opt-ins
All of your digital forms that collect personal data on the basis of consent should now have an “opt-in” checkbox where users actively give that consent. The box must be unticked by default (pre-ticked boxes and silence do not count as consent), consent for marketing must be separate from acceptance of your terms, and you should record when and how each consent was given so you can demonstrate it later. If you’re unsure how to get this right, Kri8it can help you to update your contact forms accordingly.
- Cookie notices should be enabled
This website notice needs to list which cookies you set and how you use the information they collect. Strictly necessary cookies can be set without consent, but analytics, advertising and other non-essential cookies should not be set until the visitor has agreed, and the visitor must be able to withdraw that agreement as easily as it was given. Kri8it can help you to set up a compliant cookie notice, along with the relevant information.
- Users should have access to their data
On your website, you need to give users a way to obtain a copy of their data and to request that their data be removed. Requests must normally be answered within one month, you should verify the requester’s identity before releasing or deleting anything, and the request has to cover every system holding the data (CRM, mailing lists and backups), not just the website itself. WordPress includes built-in tools for exporting and erasing personal data, and plugins extend them to common form and e-commerce add-ons. Kri8it can help you to get this set up on your site.
- Users should be able to opt-out of any communication effortlessly
Every marketing email should carry a working unsubscribe link, and an opt-out must be honoured promptly and without requiring the user to log in or give a reason. Depending on the email and marketing services you use, this should already be in place. Kri8it can assist and consult on any instances where this may not be the case.
Need more information? Kri8it is here to help. Get in touch now.