What is GDPR and why is it compulsory?
We’ve probably all heard about GDPR and the fact that it has to be implemented before the 25th of May 2018. However, how many of us are already compliant with the new regulations that GDPR imposes? Today we’re dealing with a serious topic that’s essential for most sites.
GDPR, the General Data Protection Regulation, was approved in the European Parliament on 14th of April 2016, with the implementation deadline being 25th of May 2018. Whoever is found not to be compliant with the new data protection regulations will face quite large fines, in some cases as high as a certain percentage of the fiscal value.
GDPR was expected to appear within the EU’s virtual space, especially given the way technology has been evolving and, implicitly, the growth of the marketing and e-commerce industries. We live in a world where we bump into commercials at each step and where information that should be private becomes public. It is a world where we check in at a hotel on a social media platform so that everyone can see where we are staying and which city we are currently in, and where we post pictures online, exposing private information that is only about us. Unfortunately, this information can be manipulated and used for less ethical purposes, just as happened with one of the biggest social media platforms worldwide.
What purpose does GDPR serve within the European virtual space?
GDPR aims to regulate and strengthen data protection at a European level. All the companies and websites that have their headquarters within the EU will have to be compliant with the new regulations. Regardless of whether we are talking about an online shop with strong e-commerce or a small blog that offers the possibility of subscribing to a newsletter, everyone will have to be compliant.
What are the most essential changes that GDPR brings?
1. All the websites that are on EU territory and that work with personal data have to be compliant, regardless of whether the entity/department that processes the data is on EU territory or not. If the headquarters is within the EU, the rules apply. They apply equally to all the sites that process data of clients/users from the EU. All in all, everyone.
2. Each company will have to designate an officer responsible for data protection, if its object of activity is under GDPR jurisdiction. In these situations, an audit by a GDPR consultancy firm will confirm whether you require an officer responsible for data protection or not. As a general rule, though, all the companies or institutions processing personal data that is more sensitive than merely an email address or phone number will have to use the services of a GDPR consultancy firm for an audit.
3. The fines for not being compliant are rather high. In fact, the fines might reach up to 4% of the fiscal value of that year, or 20 million euros, whichever is the highest. If until now the legislation has been more relaxed and more flexible, starting with 25th of May 2018, data protection becomes extremely strict.
4. Each act of processing personal data needs to have the user’s agreement, regardless of the action. The user has to be informed regarding the processing of his data and has to agree with it, within a form that has to be easy to read and straightforward. Also, each user has to have the possibility of giving or taking back his agreement, at any stage, without any problems.
What practical changes will GDPR bring to my company?
The only change is that from now on you will have to inform the user that his or her data is going to be collected, and he or she has to agree with this. Say, if a user wants to subscribe to the Digital Life Solutions’ newsletter (which we highly recommend), he will be informed of the fact that his data is bound to be processed.
Basically, many sites have already implemented this by having a page dedicated specifically to data protection and processing, so most people will not be affected by these new regulations.
However, what is new for everyone is the existence of an officer who is responsible for data protection. This person can either be an employee of the company or a collaborator. Before hiring such an officer, though, it’s essential to use the services of a company that is specialized in this field. We merely deal with creating optimized websites that have a say in the world of the internet.
Although the topic might have been shrouded in mystery, it seems that GDPR is merely a set of regulations meant to aid the user, and it does not affect the companies that took the sensitive topic of data protection seriously.