If you do business in the EU, even if your business is not physically located there, you need to comply with the various requirements that the General Data Protection Regulation sets down. The GDPR is a new set of rules that will soon (in a week's time) replace the Data Protection Act of 1998.
The GDPR is intended to safeguard the personal information of all citizens of the European Union member states. While staying in compliance might seem a daunting task, it is vital that you make sure your business complies fully with the requirements. The truth is that it is actually relatively easy to get certified and remain compliant.
Who Does the GDPR Apply To?
The GDPR applies to a wide variety of businesses. If you deal in information or you request user data during a transaction, or you sell to one or more European countries, then you need to comply.
Here are a few steps to make sure your business is ready for GDPR.
Make Sure Subscribers Give Explicit Permission
If you conduct any form of list building with the aim of gaining subscribers, then you need to make sure that anyone who goes on the list has given explicit permission to be on it. The current act allows for implied permission, which will no longer be enough to let you put users on the list.
Let the Staff Know about the New Rules
You need to take the time to train your staff on the new rules that govern information in the company. Send a memo to all staff, with follow-up meetings where you review the points of the memo. Identify the key players who will be tasked with implementing the rules and let them know what they are supposed to do.
You can go the extra mile and provide training for every employee in your organization, so that they know what they are and are not supposed to do regarding GDPR.
Know the Source of Customer Information
Make a quick audit of all the information you hold on customers and determine where it originated and where you have used it in the business. Keep a record of all the information and of who has had access to it at any time, and then make sure to document the relationship.
Information Deletion: Have a Strategy in Place
You need to have a way for clients to request erasure of their data from your database. Under the current data protection act, users already had the right to ask you to delete their data, but the GDPR goes a step further and gives the client rights over the data that is stored in your database.
The user has the right to be informed, the right of access and rectification, the right to have their information deleted, the right to restrict the processing of their data and the right to data portability. They can also object to anything done with their data.
You need to document all of this information for the client in a clear format.
Passing over Information
You need to have a clear reason and strategy for passing data on to third parties. To this end, you need to make sure that you have a way for the client to opt in or out.
The GDPR requires you to put several things in place to implement it in your company. Make sure you do so before the looming deadline.