What is it?
GDPR (General Data Protection Regulation) is the new set of privacy protection laws being rolled out by the European Commission. This new set of regulations has been created to give EU citizens more control over their personal data.
Its purpose is to protect the personal data of individuals. Personal data is defined as “information relating to an identified or identifiable natural person”. It includes name, email address, IP address, social media posts, and any other identifiable information.
Who does it apply to?
Businesses within the EU have to be GDPR compliant. A company that is not based in the EU but provides goods or services to customers and/or businesses in the EU must also be GDPR compliant.
When do these new laws go into effect?
Companies subject to these regulations must be compliant as of May 25, 2018.
What does that mean I have to do?
To be GDPR compliant, in simplest terms, any data you collect that is protected by GDPR must be strongly and properly protected from malicious use. If someone protected by GDPR asks how the data you collected from them was used, you must provide detailed information. Finally, if an individual protected by GDPR requests to have their information removed, you must comply promptly and fully.
In simpler terms, do this:
- Create an easy way to immediately delete a consumer’s identifying data if they request it to be done.
- Confirm email list subscriptions with a checkbox stating that subscribers understand what content they have signed up to receive. Don’t use their information for any other purpose, and keep track of when they confirmed the subscription and what version they confirmed. This information needs to be stored for verification purposes.
- Make sure the data you do have is encrypted and protected.
That’s it in the simplest terms! Though compliance may seem a daunting undertaking, the purpose of these new GDPR laws is to put control of personal data back into the consumer’s hands.