What is it?
The General Data Protection Regulation (GDPR) is a new EU regulation intended to protect the personal data of individuals in the European Union. It was adopted in 2016 and applies from May 25, 2018.
Below is a summary of select aspects of the law. Consult a lawyer and the EUGDPR website for more detailed information on the law’s requirements.
- Companies may only collect and use personal data for specific, stated purposes. Consent is the most common legal basis for marketing, and where it is relied upon it must be a clear, affirmative opt-in by the individual.
- For example, if your website contact form contains fields for email and mailing addresses, you must seek explicit, separate opt-ins for both email marketing and direct mail marketing.
- Companies should only request and collect information that is necessary for a specific purpose. Don’t request a mailing address if you don’t plan on mailing anything.
- Blanket opt-in language that bundles several purposes into one consent, pre-ticked boxes, or opt-in language too technical for an ordinary reader to understand is not compliant.
- It must be as easy to revoke consent as it is to opt in. Upon request, personal data must be deleted, unless another legal obligation requires you to retain it.
- Personal data can only be stored for as long as necessary to serve its stated purpose.
How does it affect my business?
You may be wondering why an EU regulation is important to your business. The regulation applies to the personal data of anyone in the EU, regardless of the company’s location, whenever the company offers goods or services to people in the EU or monitors their behavior. That means if you have customers or contacts who may live in the EU, the regulation likely applies to you.
Fines for violations can be as high as 4% of annual global turnover or €20 million, whichever is higher.
What should I do?
The regulation takes effect in less than two months. If you haven’t already begun working towards compliance, now is the time to get started. Below are a few steps you can take:
- Consult a lawyer or technical expert to help you fully understand the law as it applies to your business.
- Work with your team to modify your processes to ensure compliance. Be sure to include every party who deals with personal data, including marketing, HR, sales, and the IT staff who run the systems that store it.
- Update your terms and conditions and opt-in forms as appropriate.
- Confirm that any third-party vendors or consultants who handle personal data on your behalf are in compliance, and that your contracts with them cover their data-protection obligations.