GDPR – Take a Step Towards GDPR Compliance
The internet is changing breathtakingly the way we handle tasks, communicate every day. We send emails, shop online, order food, pay bills by entering our all personal details without a second thought.
Have you ever thought what happens with that information?
When you visit any bank, social media websites or any other site where you share your address, bank account details or any personal information, the sites you visit keep your information illegally.
Companies tell you that they serve you better by collecting the information and tracking your activities. When you are visiting any website, your IP address is stored digitally, and these websites can keep an eye on your actions.
However, do they keep the data to serve you better?
A survey by Dell shows 80% businesses knows few details about GDPR or knows nothing about GDPR. Perhaps, worst of all is 97% don’t have any plans when GDPR inaugurate in 2018.
This is the reason we will explain GDPR and its impact on your business.
What is GDPR? The new policy introduced by European Union(EU) called General Data Protection Regulation (GDPR). The policy will come into effect on 25 May 2018. The regulation will be implemented on all companies. It will provide greater assurance to the users about their information.
The resolution provides the citizens of EU and EEA with assurance and greater control over their details.
The GDPR process, the regulation assesses the personal data you are having and determine which falls under which jurisdiction. The personal data of a user can be a name, photograph, an email address, bank account details, medical information, social media updates, location or IP address.
A person is a person- there is no differentiation between the personal data based on public, private or work roles. In a Business to Business meeting, everything is about interacting and sharing the information with each other. In a business to business meeting companies are involved, but individuals maintain information.
The reason for introducing the policy is that individuals have more right to their data and keeping the data secured from companies who are using the information for only monetary gain.
Under the GDPR individuals have:
- Right to Access
- Right to data portability
- Right to be informed
- Right to be forgotten
- Right to restrict processing
- Right to have the correct information
- Right to object
- Right to be notified
The implication of GDPR is applied only to businesses and organisations established in EA regardless of either the data processing is done in EU or not. The non-EU established organisations that are offering services to EU citizens come under GDPR. Strict penalties are there for the companies or organisations that don’t abide GDPR rule. The higher amount will be taken from 4% of annual global revenue or 20 million Euros as a penalty.
The impact of GDPR on organisations can be seen after May 2018. The conditions for obtaining consent from the client is getting strict. If the person wants to withdraw the consent, then he can do immediately. The company don’t have the right to stop. Consent is valid only after showing several other consents. The team of business development will be not allowed to approach the clients directly, consent of the person is required for the sign-up. Trade shows in the B2B world allow salespeople to meet potential customers and share their contacts. The contact information is added to the company’s mailing list. The sharing of contact information will be not possible after the implementation of GDPS and company will have to look at other ways to collect the customer information.
The key component for GDPS is introducing policy design. All the departments of the company will have to look closely at their data and how they handle it. The company will have to follow many things to comply with GDPR:
- Map your company’s data
- Determine what data you need to keep
- Put security measures in place
- Review your documentation
- Establish procedures for handling personal data