The General Data Protection Regulation (GDPR) came into effect on 25th May 2018 for the EU. It means that businesses will need to be much clearer about the information they hold on people and give them more control over it.
Legally this law change is only applicable if you have EU customers. But with growing global support we see this becoming something we all need to work towards. It’s actually an opportunity to build trust with your customers.
When we put on the hat as an individual, this is actually a good thing that has come at a good time!
If we have more trust in our rights and what is being collected it will in turn provide better service and advances in technology.
Consider Siri, Alexa, Ok Google, etc - these apps are listening to everything you say.
So given the acceleration of technology this change is needed and you need to be aware of its relevance to you.
What is it?
Below are the key highlights, but please get in touch if you have any questions or would like us to help.
Individuals have more rights in the following areas.
Opt-out is no longer acceptable. Consent needs to be freely given, specific, informed and unambiguous. People must also know exactly what they are agreeing to and that they must be informed in advance.
2. New Rights for Individuals
The right to be forgotten. Access for individuals to easily delete any recorded information.
The right to data portability. This gives people the ability to demand a copy of their data or what has been recorded in a common format.
3. Access Requests
There has always been a right for people to request access to their data. But the GDPR enhances these rights. In most cases, you will not be able to charge for processing an access request, unless you can show that the cost will be excessive. The timescale for processing an access request will also drop to a 30 day period.
People’s data security needs to be considered “by design”. This includes collection, storage, transfer, or use. Do you need to store that customer information? Are you passing the data to any 3rd party providers? Is your data security aligned to best practice?
Happy to talk!
Please get in touch if you’d like to chat more about getting your website to comply with GDPR.