GDPR is an EU regulation governing the use of personal data, adopted in 2016 and brought into force in 2018. Bringing these data protection regulations into force gives users full control over their data and how it can be used. Essentially, users have a fundamental right to data privacy, and the GDPR laws support this.
GDPR covers personal data: information relating to a living person who could be directly or indirectly identified using that data. It covers both online data (also known as automated digital data) and offline data, for example information kept in paper files.
Before we delve deep into the world of GDPR, let’s quickly go over some of the basic terminologies:
- Data Subject – Any person formerly residing in the EU who has their data collected, held or processed by a controller or processor.
- Data Controller – The entity responsible for determining the purpose and lawful basis for processing personal data.
- Data Processor – The individual or entity that processes personal data on behalf of, and in collaboration with, the Data Controller.
- Processing – Any automated or manual operation or set of operations performed on personal data or sets of personal data, including collection, recording, organisation, structuring, storage, adaptation or alteration.
- Personal Data – Refers to any information related to a person that can directly or indirectly identify that person as it relates to their private, professional or public life, including a name, email address, photos or even bank statements.
- Obtaining the consent of the data subject – This refers to any ‘freely given, specific, informed and unambiguous indication’ that the data subject agrees to the processing of personal data related to them. Data subjects can give consent either by a statement or by an explicit action.
What Does GDPR Cover?
To make things simple, we’ve created two lists: one which outlines when the scheme applies and one which outlines when it doesn’t.
We’ll start with what the protection scheme does apply to:
- Processing data carried out by organisations within the EU
- Organisations outside the EU that offer goods or services to users within the EU
But when does the protection scheme not apply:
- Processing data covered by law enforcement
- Processing data covered by national security
- Processing data covered by personal or household activities
You may be reading this thinking, but what does this mean now that we’ve left the EU? Well, when the United Kingdom officially left the EU this year, it became a ‘third country’ for the purposes of personal data transfers. Therefore the UK needs to demonstrate to the European Commission that it can provide a level of protection adequate under GDPR.
How Can You Keep Up?
It can be hard to keep up with the rules and regulations and ensure that your brand or business is GDPR compliant, so here are a few things that will help streamline the process and make GDPR less confusing.
- Website Content – When building your website you must give the user a choice to either opt in to or opt out of all cookie policies. The majority of cookie pop-ups now have an ‘accept all’ or ‘change settings’ option, giving users complete control over how their data is viewed and handled.
- Social Media – You’ll rarely need to collect personal data over social media. However, if the occasion arises where you need to do so, you must ask the user whether they are happy for you to process their data for the purpose of contacting them.
What Happens If You Don’t Comply?
Unfortunately, there’s no way of avoiding these new data protection laws. It may seem like a bit of a faff to implement them, but once they’re in place, it will save you lots of time and potentially money.
Failure to comply with the new data protection laws can result in hefty fines or strict punishments. Not to scare you, but a severe violation could cost your company 4% of its annual turnover!
So no matter the size of your business, it’s essential to ensure that everything you do, digitally, is GDPR compliant.