25th May, 2018 was a historic day in the calendars of business owners and customers alike. It was the day that the EU's General Data Protection Regulation (GDPR) became enforceable.
The implementation of this regulation is expected to change and affect the way business is done going forward. The realistic implications are expected to unfold as we make our way into 2019.
Now every business person, marketer, and maybe customer knows how important data sharing is in this smart business world, from the provision of improved products to enhanced customer experience.
The relevance of data cannot be overstated. How the data is actually used, and what for, is a growing concern for the customers who provide it. Moreover, the security and protection of this supplied data from intrusion by unsolicited parties is also an issue that led to the GDPR.
The Synopsis of the GDPR
When it comes to handling personal data that is supplied by any individual (customer), the GDPR makes the following provisions:
- Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
- Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
You can get the full gist in Article 5 of the GDPR.
The question now is: what are the applications and implications of the GDPR for both businesses and customers?
Here are key facts you need to know:
1. The Aims and Objectives are Clear
Basically, the GDPR is quite simple and easy to understand. The whole objective of this regulation boils down to:
- Unifying and strengthening the security and protection of the data shared by customers when interacting with businesses, or in other interactions that require data sharing.
- Giving customers greater control over the storage and usage of their personal data.
- Checking and controlling third-party access to customers’ personal data.
These are basically the purposes of the GDPR. Compliance is not optional, so you need to know how this plays out in order to navigate your way around compliance.
Checking and controlling how businesses deal with customers’ personal data - which can be anything from name to home address, race to religion, social media activities to genetic and biometric information - is the core purpose of the GDPR.
2. It Supersedes Other Data Regulations
As earlier stated, this is a regulation that emanated from the EU and was intended for the EU community. However, this regulation and its provisions have gained worldwide implementation.
It takes the place of other data policies like the EU's Data Protection Directive or the UK's Data Protection Act.
It supersedes these other acts in the following ways:
- It is globally binding, whether you're in the EU or outside of it.
- It brings several other legislative provisions on data handling into one legal framework.
- It takes third-party access to data into full consideration.
There's no going around this one, at least for now.
3. It Affects Everyone
With major economic shake-ups, such as Brexit, happening in 2019, there were concerns about the global effect of GDPR. However, the responsibility to protect, secure and control customers’ personal data falls on everyone.
On the Brexit issue, the Queen made it categorically clear in her speech on 27th June, 2018 that GDPR will still be enforced in the UK.
In order to ensure compliance, businesses have been tasked with having a Data Protection Office. It will be saddled with responsibilities such as monitoring compliance, cooperating with data protection authorities, and informing businesses of updates in the regulation.
4. Non-Compliance Will Attract Heavy Consequences
Okay, that is said of any new regulation that comes into play. This one is a bit different.
Non-compliance will throw a heavy financial punch at your business. A fine of €20 million or 4% of annual turnover, whichever is higher, will be slapped on offenders.
Other repercussions are a detrimental impact on company reputation and brand legacy, and a potential suspension of data processing in the EU.
If you've been in business for a long time, you will know that even though you want to focus on the long term, you still need to take care of the short-term issues. If little issues like compliance with the GDPR are not taken care of, they could compound into a myriad of problems.
How Should You Shape Up for What's Coming?
A few quick smart steps to take in order to set your brand up for compliance are:
- Ensure that your method of obtaining consent from customers to either store or use their data is GDPR compliant. Desist from using bogus terms that only lawyers can understand; use terms that a lay customer can understand. Also, do not assume that a customer's silence means consent.
- Put mechanisms in place to ensure that you honor a customer's request to edit personal data, which will largely be a request to delete their personal data. You have to prepare to respect the customer's right to revoke personal data storage control.
- Put measures in place to immediately notify customers who shared their data whenever there is a data breach. The GDPR provides that the notification be sent not later than 72 hours after you became aware of the breach.
- Ensure you obtain parental consent for data sharing that involves children. This is a new guideline captured in the GDPR that wasn't in the data regulations before it.
- Be ready to be more open and transparent with customers on issues regarding data storage and usage. GDPR is about handing control of personal data to customers.