What Is GDPR?
As of the 25th May 2018, anyone that has captured your data, must be GDPR (General Data Protection Regulation) Compliant. As a business, what does that mean for you? Well, in a nutshell, it means that individuals now have easier access to any data that companies hold about you. So what does GDPR mean for businesses?
Who is affected?
Providing you are trading within the EU, then everyone and anyone. No matter what size your business is, how old or what sector you trade in, even if you operate overseas and you have customers within the EU, then you must abide by the GDPR laws. Ignoring the laws can result in fines – up to 2% of your annual turnover or €10m, whichever is higher. If you have no dealings with the EU at all, then you can avoid having to company with GDPR, however you need to have a traffic filter to block any EU traffic coming to your website.
Personal Data VS Sensitive Personal Data
It is important to understand what data is being stored, whether it is personal data or sensitive personal data. Personal data is information that allows an individual to be identified, such as their name, address or IP address. Whereas sensitive personal data is an individual’s religious beliefs, political opinions, racial information or sexual orientation. Providing you are capturing any of this information, whether it is personal or sensitive personal data – you must comply with GDPR.
Rights for Individuals
Individuals have the rights to access and control their data:
- The Right to be Informed – Companies must properly inform an individual what data is being collected and what they are using it for and how long they will keep it, as well as who they plan to share it with.
- The Right to Access – Individuals have the right to contact an organisation to ask what data the hold and how it is being used.
- The Right to Rectification – Individuals have the right to ensure all information held is correct and can be rectified if any is inaccurate.
- The Right to Erasure – Individuals have the ‘right to be forgotten’ and can ask companies to delete any data that they hold on them, there is no right that this can refused by an organisation.
- The Right to Restrict Processing – Individuals have the right to deny consent to the processing of their data.
- The Right to Data Portability – Individuals have the right to take any data help, and extract it to be used elsewhere.
- The Right to Object – Individuals have the right to stop being contacted with the data they have provided for direct marketing, phone calls or emails.
GDPR is a big deal, whether you are an international company, a small business or an individual! Make sure that you follow the regulations to ensure you don’t receive a fine by breaking the law.
As always, feel free to get in touch!
READY TO START?
TBD's Referral Scheme
Refer a client to TBD and if that client takes on a project with us, you will earn 10% of their total design invoice.
It doesn't get simpler than that, earn commission without lifting a finger!