The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, and with it come some big implications for businesses that hold any personal data on their customers, including IP addresses, names, home and email addresses, posts on social networking sites, cookies, images, bank details or medical information.
GDPR was brought in to replace the Data Protection Directive 95/46/EC and, according to its official website, is designed to ‘harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.’
The new regulations come with some key changes businesses need to implement before 25 May to avoid being hit by fines of up to 4% of annual global turnover or €20 million (whichever is greater).
With this in mind, it will pay to ensure your business is compliant, and a good place to start is to ask yourself the following questions:
- What do you store?
Think about the kind of information you hold that could be used to identify an individual, and be careful, as the list is often longer than you might initially think…
- Do you make it clear how data will be used?
- What is your storage plan?
- Can your business ‘forget’ people?
Preparing for GDPR is a huge undertaking and will have an impact on almost every customer-focused business.
Whilst these questions are a good starting point, if you need help to ensure your policies are robust, get in touch with our digital experts.