2018, so far, has been the year of GDPR. Everyone’s spent months trying to figure out what it all means, and with only a matter of weeks until D-Day, we’re going to lay it out for you so that you know what to expect and, most importantly, so you can GDPR-proof your business.
So what does GDPR stand for and what does it mean?
GDPR is the EU's General Data Protection Regulation. Currently, the EU is working under data protection regulations from 1995 which, as you may have guessed, are a little out of date. This is especially true when you start considering all of the developments of the internet and social media. The updated regulations introduce much tougher fines for non-compliance and breaches while giving you back control of what companies can do with your personal data.
What's the thinking behind the updated GDPR?
There are two main goals behind updating the general data protection regulation. The first is to give control back to people over what companies can and can't do with their personal information. This is to prevent companies like Facebook and Google from unfairly using your personal information for business purposes without your permission. The second purpose of the new GDPR is to give companies a simpler and clearer legal environment to operate in.
When do the new GDPR rules start?
The new directive will come into force as of 25th of May 2018 for all EU states. This includes the UK, as it is currently still an active member of the EU for the time being. Although the new regulations have technically been in place since 24th of May 2016, they will only take effect once the final wording of the regulations is finished this coming May.
Who does the GDPR apply to?
The GDPR applies to ‘controllers’ and ‘processors’ of data. Controller refers to any kind of business, charity, government or organisation, and processor refers to any firms that are processing data. If either of the parties is based outside of the EU, the regulations still apply as they're processing data of EU residents. It's the controller's responsibility to ensure that the processor follows the GDPR regulations, and processors must maintain records of their processing activities.
When should data be deleted?
Once GDPR comes into effect, controllers will have to have processed data lawfully, transparently, and for a specific purpose. This also means that data that is no longer needed should be deleted.
How can I gain consent to use someone’s data?
When it comes to GDPR, the main change is how consent is gained. Consent must be actively given by affirmative action. Rather than the old ways of implied consent, pre-ticked boxes or opt-outs, you’re going to have to get permission before you use anyone’s data.
How is Protemos complying with GDPR?
As a relatively small company, Protemos has three simple goals to comply with the new regulations.
- Do not access the users' data unless they ask.
- Do not give it to third parties unless the users agree beforehand.
- Delete personal data upon request from the Owner.
- Protect users' data from unauthorised access by all means necessary.