What Is The GDPR?
The General Data Protection Regulation (“GDPR”) is a set of regulations in the European Union (“EU”) regarding data protection and privacy. Its main goals are 1) to protect EU citizens from corporate misuse of their personal data and 2) to give individuals more control over their personal data. The GDPR imposes strict rules on the controlling and processing of personal data. If your company’s website collects and stores user data, take the time to understand these new requirements and your rights in relation to the GDPR.
The GDPR was approved in April 2016 and, after a two-year compliance window, came into force in May 2018. It applies to companies within the EU and, if a company offers goods or services outside of the region, it applies to those places as well. As such, the GDPR has impacts far outside the EU.
- Conditions of consent have been strengthened. Companies can no longer use vague language to trick customers into sharing personal data.
- Consumers must approve each separate use of their personal data.
- Companies must notify their data protection authority about data breaches within 72 hours of becoming aware of the breach. The processor must then alert customers about the breach “without undue delay.”
- Consumers can access their personal data, find out how their data is being used, and ask that their data be deleted at any time.
Are You In The Clear?
- What type(s) of personal information do you hold?
- What are your data sources?
- How is your data stored? For how long?
- How is your data used? Do you sell it to third-parties?
- Do you have a consent policy separate from your Terms and Conditions?
- If so, is your customer’s consent active, affirmative, and easily withdrawn?
- Are your employees trained to spot a personal data breach?
The GDPR applies to all companies, but the hardest hit are those possessing large amounts of customers’ personal data, including technology firms, marketers, and research firms. Contact G & G Law to cover your tracks with these new developments.