The new EU General Data Protection Regulation (GDPR) came into effect on 25.05.2018. The regulation is the biggest and most important change in privacy regulations in 20 years, and redefines the terms on how businesses must now protect information on their customers and employees. The change in regulations is so important that the EU founded a website devoted to GDPR and launched multiple training programmes.
GDPR emphasises the importance of safe information processing and many companies are expected their customer registers fully online. It is crucial for marketing and sales professionals to be familiar with the new regulations.
The purpose behind the regulatory change is to unify the personal information processing practices within the European Union. There are two main reasons for this. First, the EU wants to give its citizens more power over the use and management of their own personal information. Second, the EU wants to provide businesses with a more concise and simpler legal environment to operate in, whereby the data protection regulation is the same in all local markets. The change brings many benefits and rights, but also increased levels of responsibility and liability. The responsibilities and liabilities are determined by the position of the business, i.e. whether the business is a processor or a controller of personal information.
The key changes
Right to be Forgotten and Subject to Consent
The regulation will apply to every business and limit easy and sometimes even questionable practices of collecting information on their customers. EU member countries and citizens are entitled to demand that businesses remove all their personal data from their registers. Collecting customer information, removing it, or transferring it to any other platform must be clearly stated when the customer first provides the company with his/her information.
Data Protection Officers
It is recommended for businesses to elect a Data Protection Officer. This is not compulsory for all companies but tends to make their operations significantly easier. It is beneficial in many cases to have someone in the company who is an expert in data protection issues.
In case of an information breach, the company is liable to notify the authorities within 72 hours of noticing the breach.
For infringements and negligence, companies can be fined up to 20 million euros or four percent of the previous year’s annual global turnover, whichever turns out to be greater.
Records of Processing Activities
Businesses and organisations must be able to show that legal demands are met, and all relevant risks are appropriately accounted for.
So… How exactly do companies benefit from the new regulation?
Although it may first seem like businesses are burdened with only increased responsibilities and liabilities, the regulation may bring along some benefits, too. Namely, businesses must finally organise their data. This may prove to be a more than fruitful activity: organised data may provide the company with valuable key information about their customers. Information is power – a deeper customer insight allows for better customer care, better targeted marketing, and more successful sales.
Another benefit from the unified regulatory frame is that it simplifies the process of conducting cross-border business. While companies used to be forced to spend resources on complying with each and every individual country’s personal information legislation, the process can now be streamlined, saving money and effort.