You Must Have Heard About GDPR, but the Devil Is In the Details

There’s been an interesting thread circling my corner of the internet for the last week or so. It started with a question: What if GDPR comes into effect? The forthcoming arrival of EU‘s General Data Protection Regulations (GDPR) is something that’s keeping many business owners awake at night. Whereas, those who aren’t aware of it might find it a simple inbox-clogger that says the privacy policy has changed .

Well, GDPR is set to bring a massive overhaul in data protection laws for EU citizens with effect from May 25, 2018. The new regulation will override the existing Data Protection Act (DPA) of 1998. By employing similar concepts and underlying the foundation, the act seems to be more focused on strengthening data privacy. Under GDPR, organizations that are located in the EU or that process EU citizens will have to get specific consent from data subjects for data collection and will have to immediately inform them about breaches.

Well, let me put it in simple words. In today’s era, we send emails, share documents, pay bills, purchase goods by entering our personal details without a second thought. But have you ever wondered how much of your personal data is shared online or what could happen to that information? Information as in, banking information, contacts, addresses, social media posts, and even your IP address and the sites that you’ve visited are all stored digitally.

According to Companies, they collect such information in order to serve you better buying experience. But do you think is it true? Do you think this is what they really use such crucial data for? Fortunately, our questions have been answered by EU by enforcing GDPR making permanent changes in the way businesses collect, store and use customer data.  

So, What Is GDPR?

Implemented in all local privacy laws across the entire EU and EEA region, the General Data Protection Regulation is successfully applied to all companies selling to and storing personal information about citizens in Europe, including companies on other continents. It says that citizens of EU and EEA will now have a great control over their personal data and assurances that their information is being securely protected across Europe.

The exact definition of personal data according to GDPR is that any information related to a person such as a name, a photo, an email address, bank details, and updates on social networking websites, location details, medical information, or a computer IP address. The person is the person- it doesn’t matter whether the personal data about individuals is in terms of private, public or work roles.

Individual’s Rights Include

• The right to access– Being an individual anyone can request access to their personal data and to ask how their data is used by the company after it has been gathered.
• The right to be forgotten– If the customers is no longer your customer or if they withdraw their consent from a company to use their personal data, then they have the right to have their data deleted.
• The right to data portability– Individuals have a right to transfer their data from one service provider to another. And it must happen in a commonly used and machine-readable format.
• The right to be informed– As the name implies, any gathering of data by companies and individuals must be informed before data is gathered
• The right to have information corrected– Data can be updated if it is out of date or incomplete or incorrect.
• The right to restrict processing– Anyone can request that their data is not used for processing. Their record can remain in place, but not be used.
• The right to object– The right to stop the processing of their data for direct marketing. No exemptions to this rule and any processing must stop as soon as the request is received.
• The right to be notified– In case of a data breach, the individual has a right to be informed within 72 hours of first having become aware of the breach.

Its business implications include

The new data protection regulation puts the consumer in the driver’s seat. Yes, GDPR applies to all businesses and organizations established in the EU, regardless of whether the data processing takes place in the EU or not. You will be quite interested to know that even a non-EU established organization that offers goods or services to citizens in the EU will be subject to GDPR. There are tough penalties for those who don’t comply with GDPR fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater.

Impact On Customer Engagement

Obtaining the consent of an individual is not an easy task anymore under GDPR requirements. Due to right to withdraw consent at any time, the consent will not be valid unless separate consents are obtained for different processing activities.

In layman’s language, one has to prove that the individual agreed to a certain action, to receive a newsletter for instance. Assumptions are the mother of ALL goof-ups! So, do not assume!

In the B2B world, salespeople meet potential customers at a trade show or exhibition. There they successfully exchange business cards and add the contacts to the company’s mailing list. In 2018, it is not possible anymore. Data is the new valuable currency across the globe. GDPR does create challenges and pain for us as businesses, it also creates opportunity at the same time such as improved reputation, Cyber Safe that leads to greater customer loyalty, accurate data and what not!

Love it or hate it! You simply won’t be able to ignore it!