GDPR: What you need to know
David Morel
Founder and CEO of Tiger Recruitment | Investor | Forbes Contributor | Spear's 500 Top Recommended Adviser
The General Data Protection Regulation (GDPR) is set to change how many EU-based businesses, including Tiger, collect and store personal data. Despite not coming into effect until 25 May 2018, its far-reaching implications mean many companies need to start preparing now.
In simple terms, the regulation’s main aim is to give individuals control of their data once more, giving them the right to know how any enterprise is handling personal data.
So what does that mean for a business owner? Quite a lot. But with so much going on, it can be hard to know where to start. Here are five of the most pertinent points of interest worth considering in the next month or two.
1. Explicit, not implicit consent
The age of pre-ticked consent is over – you must ensure that consent is freely given with an affirmative and clear action. Instead of asking consumers to tick the box if they don’t want to hear from a company, you must now ask consumers to tick the box if they do want to receive marketing material.
2. Withdrawing consent
Withdrawal of consent is now required to be as simple as possible. At the time of signing up, your customers or clients must be informed that they have the right to withdraw consent, and you must make this process as easy as possible. Furthermore, when consent is withdrawn, an individual’s details must be permanently erased, not just removed from the relevant databases.
3. Reasons for storing data
One of the most striking changes found in the GDPR is the requirement for businesses to prove they have a legal basis to store and use any gathered data, and to provide details of where their data is stored. Reasons for processing data must be specific, explicit and have a legitimate purpose. Furthermore, you won’t be able to keep data for as long as you want – only for the necessary period required for processing.
4. Data Protection Officers will be in high demand
All public authorities and businesses whose core activities involve the systematic monitoring of large amounts of personal data will need to hire a data protection officer. These individuals will be responsible for implementing any data protection strategies and making sure your company is in full compliance with the GDPR.
5. The fines are considerable
This is not something you’ll want to put off. Non-compliance can result in fines of up to €20 million or up to four percent of total global revenue of the preceding year, whichever is greater.
With just over six months to go before the changes take effect, it’s worth using this time to prepare your existing systems. Tiger Recruitment can help source temps with a data background to cleanse and tidy databases and delete records, or contracted data protection officers for after the laws have taken effect.