DISCLAIMER: Please note that this summary is for informational purposes only and should not be relied upon as legal advice. We encourage you to work with your legal team and other professional counsel to determine precisely how the GDPR might apply to your organization.
Did you know that the GDPR comes into effect on May 25th, 2018? Let’s make sure you’re ready for it and have all the information you need to be compliant. On this date the GDPR becomes enforceable, and all affected companies must ensure full compliance.
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union.
Who is affected by GDPR?
The GDPR is legally binding and doesn’t just affect companies in the EU. It affects ANY company that collects or processes EU citizens’ personal data, even if it is not based in the EU. GDPR covers ANY information that could be used, on its own or in combination with other data, to identify an individual. Personal data can include names, mailing addresses, social security numbers, email addresses, IP data, behavioral data, location information, financial information and more.
What are some of the requirements for GDPR?
To ensure compliance, companies must make certain that they are following the strict consent and processing regulations defined by the GDPR. You must lawfully obtain and process email addresses and other personal data from your subscribers and contacts.
GDPR not only expands the scope of who is affected and what counts as personal data; it also expands individual rights. Individuals must now be given the “Right to be forgotten”, “Right to object”, “Right to rectification”, “Right to access” and the “Right of portability”.
GDPR also introduces stricter consent requirements: consent must be specific to distinct purposes and clearly given for each processing activity. Companies will no longer be allowed to treat silence, pre-ticked boxes or inactivity as consent.
Finally, GDPR introduces stricter processing requirements: individuals have the right to know the purpose for which their data is collected and how long it will be kept, the company must have a legal basis for collecting the data, and in some cases individuals must be given the contact information of a data controller within the company.
What are the penalties?
Non-compliance sanctions can be as high as EUR 20 million or 4% of global annual turnover, whichever is higher. There is also no “grace period” following the May 25, 2018 deadline.
Tips for next steps
It is your responsibility to ensure that you obtain consent from your customers and contacts. It is not necessary to re-request consent from your subscribers when the GDPR goes into effect; however, you must be able to answer yes to the following questions:
- Do you know what country your contacts are in?
- Do you correctly capture their consent and explain how you will use their data?
- Did you capture the time and details of your contact’s consent?
- Did you ask for consent at the point of collecting the data and use clear language for usage?
- Can you comply with data retrieval requests? Where is your data stored?
- Do your email communications include clear access to unsubscribe and privacy policies?
- Can you comply with the new ‘right to access’ legislation and show all the data that you have collected for someone?
- Can you comply with the new ‘right to be forgotten’ legislation and delete all the data that you have for a customer?
- Can you comply with the ‘right to object’ legislation and allow individuals to prohibit certain data uses?
- Can you comply with the ‘right to rectification’ legislation and allow incorrect data about someone to be fixed?
- Can you comply with the ‘right of portability’ legislation and have that data be sent from one organization to another?
Preparing for GDPR is not difficult if you understand the requirements as well as your current data capabilities and collection methods. To get started, review your list and work through the checklist above. Not sure what to do next? Contact Wired Messenger Inc. today for a free consultation on how you can become GDPR compliant.