The General Data Protection Regulation (GDPR) is a regulation that requires businesses to protect the personal data and privacy of EU citizens. Any company or brand that collects its users’ data from social media, whether it is based in the EU or outside it, should ensure that it complies with the law, since it may be dealing with EU citizens. Non-compliance could cost companies dearly: the current maximum fine is €20 million or 4% of global turnover. Currently, up to 70% of brands and organizations are non-compliant with the GDPR (Lew, 2018). Even if you are already in compliance with the GDPR Directive, you must ensure that you are also compliant with the new requirements of the GDPR. Below are some questions you need to be asking yourself as a business or brand.
Do you have a Data Protection Officer (DPO) in your organization?
According to GDPR regulations, every business ought to have a designated individual tasked with ensuring compliance at all times. It is important to have someone in place, either full-time or part-time, to ensure that company systems are always kept in line with GDPR requirements. The DPO should also be able to inform the company of any changes in data privacy regulation.
Do you know what you are doing with online collected data?
Whether you have asked your customers or online users for personal data directly or you are collecting the data from your website, you are required to identify exactly the type of data you are collecting and how your company is using and managing it. To be GDPR compliant, you need to track the data you collect.
Are you in compliance with age of consent regulations?
Different countries have different age of consent regulations, which you as a business ought to understand. Sometimes you might require permission to collect data from an underage user, who cannot legally consent to data collection. Given that the rules vary from country to country within the EU, it is crucial to always keep up to date to avoid any issues.
Have you written your terms and conditions in a language people can easily understand?
Can an average visitor to your website understand your terms and conditions? Users should be able to read them and tell immediately what they are signing up for. Vague and legalistic terms and conditions send a message that you don’t want your audience to understand what they are signing up for. So, your privacy terms and your terms and conditions should be reviewed to ensure all your visitors understand whatever they are agreeing to.
What is your plan in case of a breach?
If your data is not stored on strongly encrypted devices, the chances of losing it are very high. In such a scenario the law requires that any security breach of user data be communicated within a 72-hour period. It is very important to be aware of the data you collect, as we identified earlier, because GDPR regulations require you to inform the customers of the exact type of data that was affected by the breach.
How will you comply with data requests?
The customers or users you collect data from have rights regarding their data. For instance, customers have the right to access their personal data or to have it transmitted to a third party or deleted. You should know that GDPR sets timelines for complying with customer requests; some requests have a maximum 30-day response time. To handle such situations properly, you need to develop a process for receiving, processing and responding to any request regarding your customers’ data. This will help you remain compliant and avoid the heavy penalties associated with non-compliance.
Types of data covered by GDPR regulation
- Basic identity information including name, address, email address, etc.
- Web data such as location, IP address, cookie data, and RFID tags
- Sexual orientation
- Racial or ethnic data
- Health and genetic data
- Biometric data
- Political opinions
- Any information that relates to an identified or identifiable living individual
Compliance starts with an understanding of how important data privacy is and the consequences of any kind of data breach.
Are you GDPR compliant?
Lew, K. P. (2018, September 17). Research finds majority of businesses failing to comply with GDPR. Security Brief Europe – Cybersecurity and threat news for Europe, the Middle East & Africa. https://securitybrief.eu/story/research-finds-majority-of-businesses-failing-to-comply-with-gdpr