back
GDPR – Will This Four-letter Word Change the Digital Economy?
Cloud Data Security Strategy

GDPR – Will This Four-letter Word Change the Digital Economy?

By Syed Zainul Haque May 29, 2018 - 2,221 views

It’s been a confusing few weeks this month, especially with most people learning about the General Data Protection Regulation (GDPR) only now. The GDPR aims to empower European citizens with data privacy rights and personal information privacyIt applies to not only the citizens of the European Union but also to residents of the EU. GDPR also applies to companies that may indirectly deal with the residents of the EU one way or another.

In this article let us learn what GDPR is, what the implications of the new regulations are, and what you can do to comply with it.

What is GDPR?

With rising concerns about data privacy and rights regarding personal information of individuals, the framework for GDPR has been around for quite sometime. However, the regulators rolled the new rules last week, and almost all businesses that deal with data have to comply with them.

The GDPR seeks to empower residents of the European Union with rights related digital information and personal data. It specifies how long data can be stored, how it can be used, with whom data can be shared, and how that data is going to be used. As personal data is used by almost all companies and businesses for a variety of reasons such as marketing, product development, client service, etc, every department and business is going to be affected.

The most important aspect of GDPR is its insistence on consent. Not just any consent, but GDPR requires companies and businesses to posses affirmative consent. This means, individuals have to provide affirmative consent for their personal data to be used and there needs to be documented evidence for the consent that is procured. GDPR also requires all companies to update their terms and conditions in simple language that can be understood by everyone. Legalese and jargon will no longer be allowed while seeking consent for using personal data.

The purpose of GDPR is to make it all transparent, ethical, and safe for individual users. In short, GDPR seeks to:

  • Enforce restrictions on how personal data can be used
  • Makes affirmative consent mandatory for data to be used
  • Privacy terms and conditions should explicitly state how data is going to be used, for long, and with whom it will be shared
  • Larger companies may have to hire a data control officer
  • Immediately notify authorities when there is a breach of security to personal data
  • If the breach of security is huge, the data control officer needs to work with the business concerned
  • Cookies, and other forms of technology and software tools that track behavior or personal information need to have consent form too

How is it going to affect businesses?

Most businesses will feel the effects of GDPR in the near future. Software companies, marketing agencies, companies that take up outsourced projects, etc. will be affected by the GDPR. E-commerce industry will be affected too, as they collect information related to their customers, behavioral statistics, and web traffic information.

In short, any business that uses customer information will need to comply with GDPR, especially if the company uses English or other European languages such as French, German, Spanish, etc. Each company or organization will need to seek explicit consent from each customer and document that consent for possible audits.

What about the grey areas?

Yes, there are many grey areas involved in GDPR. Most legal experts aren’t sure how GDPR is going to play out, and what its implications will be on Blockchain, artificial intelligence, data analytics, machine learning, data generated by the Internet of Things-enabled devices, etc. It is also unclear how actively the regulators are going to pursue companies that are based out of the EU, unless they are bigwigs like Google or Facebook. Moreover, there are rumors that many legislators feel the GDPR cannot be easily enforced outside the European Union, giving rise to greyer areas within the already grey areas.

What businesses need to do now

It is not all doom and gloom, and businesses can quickly comply with GDPR regulations. It takes little effort to understand how GDPR is going to affect each company, and working with a lawyer is aware of data usage rights should be able to help business owners. There are many things that businesses can do in order to comply with the GDPR.

In short

  • You will need to stop using email lists that have been purchased
  • Contact all customers, email contacts, and leads to seek their permission for their data to be used
  • Redevelop and redesign website forms and contact forms
  • Hire a data protection officer if necessary
  • Document consent of your contacts to prove you can use their personal information such as gender, age, email address, contact information, etc.
  • Seek legal help all along. A lawyer specializing in data privacy is your best friend at the moment.

Looking ahead

Though GDPR seems like a scary and confusing situation, it is an opportunity for you to revisit certain terms and conditions, and ensure that you are dealing with your customers in a transparent manner. It is also a great time to get rid of unwanted data, remove unwanted or useless contacts, and become a leaner organization. However, make sure you seek legal help. Also, speak to web developers who can help you update your website forms, content, and terms and conditions. If need be, hire a data protection officer as well.

Meanwhile, the Internet is littered with hilarious memes and tweets regarding GDPR. Here are a few that we found funny, but realistic nonetheless. Take a look at them, while you work on your GDPR compliance goals.

Want to know more about GDPR? Here’s what experts say about GDPR, the threats, and opportunities resulting from GDPR, how it will reshape the data protection strategy and more.

Privacy Awareness is always Good for Businesses – Demystifying GDPR

Page Scrolled