GDPR is an EU regulation, in effect since May 2018, that sets rules around the use of personal data and at the same time gives all EU citizens the right to control who can collect and use their personal data.
In summary, your organisation, like every other organisation serving the EU market, needs to comply with three core rule sets:
- Provide transparency to all involved (customers, staff, suppliers and the regulator) on:
  - (a) what personal data you handle
  - (b) each business purpose for which you use personal data
  - (c) with whom you share data
  - (d) which security and privacy measures you have in place
  - (e) what rights those involved have
- Minimise personal data usage
  - Limit the use of personal data to strictly those items that are necessary to achieve the documented business purpose
- Demonstrate appropriate security and privacy measures
  - You need to be able to demonstrate that your organisation has the appropriate security and privacy measures in place, both on the technical side (systems, software, networks etc.) and on the organisational side (e.g. training, code of conduct etc.)
WHY SHOULD I CARE ABOUT GDPR
Well, first of all, EU regulation is law, so complying with GDPR is as mandatory as submitting corporate accounts. But there are a few other good reasons for taking GDPR seriously. Getting your GDPR compliance in order is not that hard (and we can help, of course), and it also brings some real business benefits.
- Identifying redundant or duplicate data processing allows you to reduce costs
- Addressing deficiencies in data security & control measures allows you to reduce the risk of data breaches & hacking
- Customers take their personal data personally; breaching their trust is likely to hurt your business
- Any of your customers, staff or suppliers can challenge you on the use of their personal data and, if need be, file a complaint with the national regulator, after which the regulator will engage you to seek a resolution
- Over the last couple of years the world's biggest technology firms have been under scrutiny and have received hefty fines. Going forward, the regulator's focus is on raising awareness among small and medium-sized firms and bringing them in line
- Surely you want the personal data of your customers and staff treated in the same way you want your own personal data treated, i.e. with care
Getting your GDPR in order is not that hard and we have made it super easy for you, but it needs your attention and a bit of your time. Just check out our How it Works page for more information.