The General Data Protection Regulation (GDPR) is an EU data privacy regulation that went live in May 2018. The regulation applies to all organizations (even those outside of the EU) that provide goods and services or collect data on people residing in the EU. Data is currently collected almost everywhere we go digitally and physically. We also live in a global marketplace. The GDPR applies to many businesses of all sizes and all regions!
We are not lawyers, and this is not legal advice. This is also just an overview of the GDPR, so please dive in deeper on your own.
Data Types Defined:
In Short, The Following Rules Apply:
- Consent: Companies cannot process this data without consent from the individual, and consent can be retracted at any point
- Communication: Companies must use “plain language” to tell people who they are, who they will be sharing the data with, why they are processing the data, and how long the information will be saved
- Access: Individuals need to have access to the data you have about them
- Rectification: Individuals need to be able to update and correct inaccurate data
- Erasure: The GDPR provides a “right to be forgotten”. If individuals ask for their personal data to be erased, you must have a way to comply
There are other guidelines that concern marketing, profiling, data transfer and even how you design applications!
Think It's Not Worth Looking Into? Think Again!
The GDPR imposes heavy fines on companies that are out of compliance! We are talking up to 4% of your global revenue (up to £20 million)! In our current business environment, data is necessary and interactions are global. Storing even one EU resident's information in your system could be unlawful if not done correctly.
In addition to the links above, here are our favorite resources to learn more about GDPR: