How does your business handle personal customer and employee data?
Whatever industry you work in, you’ve probably heard the term GDPR a lot over the past few months. It’s one of the most important pieces of legislation for 2018, and will impact on pretty much every business to some degree.
When it comes into force in May, GDPR will bring in a raft of new regulations that will change the way businesses are allowed to handle personal data. Fail to comply with the regulations, and there could be some serious consequences, including massive fines!
In this post, we take a look at GDPR, examining what it is, what it means for your business, and how we can help to ensure your business is compliant when it comes to online data.
What is GDPR?
GDPR stands for General Data Protection Regulation - a new set of data protection regulations, designed to provide EU citizens with greater control over their personal information, and how it’s used by organisations.
GDPR introduces a number of new rights for citizens, and puts additional responsibilities and restrictions on the way organisations collect, store, manage and share customer and employee data.
What are the new rights and regulations?
GDPR includes a large number of changes, designed to make it easier for citizens to control their personal data.
For EU (including UK post Brexit) citizens, the new rights include:
- The right to be informed about who has their data, what data they have, how they are using it and why they have it
- The right to access this data, in a format that can be easily read (.csv)
- The right to object to data being used or shared for marketing purposes
- The right to correct the details of data held by organisations
- The right to be forgotten, and for data to be removed and deleted
- The right to stop organisations from processing data
Businesses now have the following restrictions:
- Data can only be collected for specific and legitimate purposes
- Data cannot be kept longer than necessary
- Data must be processed and stored securely
- Businesses must process data in a legal, fair and transparent way
- Businesses are limited to collecting only the data needed for relevant processing
Full information about the changes, responsibilities and GDPR regulations can be found at https://www.eugdpr.org/.
Is my business affected?
If your business collects, processes or holds the personal data of any EU citizens (or UK citizens post Brexit), then it applies to you. It applies to all the data you already have, and the data you’re going to collect in the future.
Businesses that collect lots of data, like those with ecommerce sites and those that run any form of marketing campaign, will need to be particularly careful and mindful about their data collection, processing, management and storage systems.
Fail to comply, or suffer a data breach that leads to the exposure of personal data, and the consequences could be extremely serious. Maximum fines could be as much as 4% of global turnover, or a flat fine of up to €20M – whichever is higher!
What are Eyeweb doing?
At Eyeweb, we’ve already begun to consider the new GDPR regulations when building websites and ecommerce sites, as well as in the delivery and management of e-marketing programmes.
When it comes to the design of our websites, we’re now adapting the way we design data capture and newsletter signups to ensure they are fully compliant. We document all the data we hold, where we got it from, who we’re sharing it with and how it is used, providing a clear map of the data flow for all our marketing programmes.
In essence, we’re ensuring that everything we do, both in-house and on behalf of our clients, complies in full with GDPR.
GDPR support from Eyeweb
Want to know more about GDPR? Unsure as to whether your current website or e-marketing systems are compliant?
Give our digital marketing team a call today. Whether you need advice, website amends or an effective, GDPR-compliant e-marketing service, we’re here to help.
For additional information, or to arrange a free, no obligation e-marketing consultation, please get in touch by calling 01482 628830, or by emailing email@example.com today.