GDPR - General Data Protection Regulation

Sensitive customer personal information held by businesses pose significant risk if stolen and abused.  The General Data Protection Regulation (GDPR) is a joint proposal by the European Commission, European Parliament, and the Council of the EU which provides individuals with even greater control over the collection and use of their personal data.

EU citizens are becoming more selective about how they share their personal data online.  Internet users are questioning how much data companies have on them. The purpose of this EU regulation is to strengthen & unify data protection for all individuals within the European Union. GDPR is a set of processes to protect the privacy of European citizens.

A regulation is a binding legislative act. It must be applied in its entirety across the EU, while a directive is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to decide how.  The GDPR is a regulation, not a directive, so it is a binding legal force that will be immediately enforceable as law in all EU member states on May 25, 2018.   Companies found to be in violation of the GDPR face a fine of $24 million or 4% of annual sales, depending on which figure is higher. 

The GDPR stipulates that data of EU citizens can only be used if they give a company explicit permission and that people have the right to have their data erased should they desire.

Does the GDPR affect you?

Entities outside Europe who do business with European citizens are also included. The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

It also applies to newsletters & email marketing.  If you collect email addresses and send email to subscribers in the EU, you will have to comply with the GDPR, no matter where you are based. The UK, Germany, France, and other European countries represent valuable new & previously established markets for many brands around the World.

If users are required to provide an email address to download a document or are required to provide their contact information to enter a contest, you can not use their personal data to send marketing messages unless they actively agreed  to it. It is illegal to add these email addresses to your mailing list.

The GDPR affects how marketers seek, collect, and record consent. Marketers will only be allowed to send email to people who’ve opted-in to receive messages. Many practices that marketers previously used to grow their database won’t be compliant under GDPR.

What kind of personal data?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Useful Links ...

• EU Data Protection
• Direct Marketing Association GDPR News
  
• EUGDPR.org GDPR FAQs
  
• European Commission - Fact Sheet
  
• Preparing for the GDPR - 12 steps to take now 
  

If you have any questions or concerns in regards to your business and GDPR compliance it is strongly recommended that you contact a professional GDPR lawyer.

clearFusion & GDPR/Privacy