What is GDPR?
GDPR is an acronym for General Data Protection Regulation. This regulation says that, by law, businesses must be transparent about the scope for which the collected data is used and how the data is protected.
Does this Affect You?
If your business processes consumer data, in any form or capacity, you need to be GDPR compliant. Simple.
How to Ensure Compliance
If your business’s primary function is to collect data, I recommend you hire a GDPR Specialist and hold GDPR training for staff along the data pipeline. Your organization may need to seek independent legal advice for specific legal issues or concerns.
Understanding these key terms, recommended by Claudiu from CodeinWP, is the first step:
- Data subject – a natural person whose personal data is processed by a controller or processor.
- Data controller – the entity that determines the purposes, conditions, and means of the processing of personal data.
- Personal data – any information related to a natural person or Data Subject that can be used to directly or indirectly identify the person.
- Data processor – the entity that processes data on behalf of the Data Controller.
- Art. 5: Principles relating to the processing of personal data.
- Art. 6: Lawful bases of personal data processing.
- Art. 12 – 22: Data subject rights (access, data portability, right to be forgotten, etc.)
- Art. 25 & 32: Companies should implement the necessary protection measures to protect the personal data of the data subject.
You must remember that being GDPR Compliant also means you must have procedures to keep the data safe from hacking, accurate and up to date, and even delete it after a period.
Who Regulates GDPR?
GDPR enforcement began on May 18, 2018. The UK’s Information Commissioner’s Office (ICO) enforces GDPR.
An investigation will be launched and an audit ensues. If you do not pass the audit, the ICO will send you an enforcement notice forcing you to get rid of all data collected illegally. If you do not get rid of the data, the ICO will enforce maximum penalties, which are either 20 million Euros or 4% of worldwide revenue – whichever is higher.
An investigation typically begins because of consumer complaints.
GDPR Compliance Strategies
- If your business’s primary function is to collect data, I recommend you hire a GDPR Compliance Specialist and hold GDPR training for staff along the data pipeline.
- “Understand how data moves through your organization”
- Have procedures for data breaches
- Revisit or create operational policies and procedures
“Some consultants we talked to say that there is no such thing as being 100% GDPR compliant. It’s more about taking a look at data and processes from an “ethical” standpoint and not as much about “tools” or “checklists”.”
“This is why GDPR puts more responsibility on organizations and increases the rights of individuals.”
“What you need to know here, is that another European regulation (ePrivacy) is coming out which will legislate cookies even more.”
“The GDPR will require some organizations to designate a Data Protection Officer (DPO). Organizations requiring DPOs include public authorities, organisations whose activities involve the regular and systematic monitoring of data subjects on a large scale, or organizations that process what is currently known as “sensitive personal data” on a large scale.”
*This is not legal advice.*