GDPR: What? Why? Any impact to the business?
Making Personal Data Great Again!
GDPR — General Data Protection Regulation is a new European privacy regulation. The intention of the GDPR is to strengthen and unify data protection for all the individuals within the European Union. GDPR was adopted on 27th April 2016 and it will become enforceable from 25th May 2018.
GDPR regulation will be applicable to all companies selling and storing personal information about EU citizens. It basically provides a greater control over the personal data. It requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. This regulates the exportation of personal data outside EU as well.
Will this affect my business?
Any business that stores or processes personal information about citizens in EU must comply with GDPR, So If your company has a presence in EU or if you process personal data of European residents, then you obligated to comply with the GDPR. So, in a nutshell, If you want to do business with EU companies and EU citizens you will have to meet the requirements of GDPR or lose EU from your customer base.
What happens if my business is not in compliance with the GDPR?
Penalty is up to 20M Euro or 4% of the global annual turnover (whichever is higher) — so we are talking about big money, if your business is not GDPR Friendly.
What is Personal data?
‘Personal Data’ means any information relating to an identified or identifiable natural person — GDPR Definitions
GDPR provides some examples of the identifiers such as name, identification number, location data, an online identifier to the physical, physiological, genetic, economic, culture of the natural person. But there is no exhaustive list as what is personal data and what is not. If there was such a list, it might get out of date as new data types are invented.
This means you need to decide whether something defines a specific person in your system, If so that is considered as personal data.
This is also affecting the product development and quality engineering aspects. You are not able to use any personal data for you development or testing purposes.
What are the GDPR requirements?
These are some of the GDPR requirements:
- The right to access — Each individual has the right to request access to their personal data and ask how the company is using it.
- The right to be forgotten — If consumers are no longer customers, then they have a right to have their data deleted.
- The right to be informed — Individuals must be informed before the data is gathered and consent must be given freely.
- The right to restrict processing — Individuals can request that their data is not used for processing.
- The right to be notified — If there is a data breach, the individual has a right to be informed within 72 hours of having become aware of the breach.
These requirements will change the way the companies process, store and protect customers’ data. Several requirements will touch the security aspect, so the companies have to provide a necessary level of data protection to the data.
Urrgh, so many things to do — Is it really good for my business?
Of course, there will be an additional cost to make your existing system GDPR Friendly. Here however are a few advantages for your business by having a GDPR compliance system:
Privacy is the key — Privacy data has been protected by different laws in different countries, but it may not has been taken seriously, GDPR will definitely change that. Now companies will need to take extra care on how they collect and store data.
More security — Now the companies have to implement system with high security protocols to protect customer data, So hopefully we may not hear much news about security breaches.
More business — Nobody wants to do the business with a company who doesn’t take care of consumer data. If your company is protecting customer data, taking care of customer data and making necessary arrangements to be in GDPR friendly stage, your company will obviously have an upper hand in the market.
So the GDPR may not a bad thing for your business. It could actually add value!
For more from Chamal, check out his blogon Medium