The process of getting yourself and your business established in Europe isn’t that different from other countries. However, there’s one main difference that you have to make sure you can follow, which is compliance with the GDPR.
What is the GDPR?
The General Data Protection Regulation, more often referred to as the GDPR, is an EU regulation on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
The GDPR was adopted on the 14th of April, 2016 and was implemented starting the 25th of May, 2018.
Because of the GDPR, EU and EEA citizens now have more control over their personal data, and they are assured that their information is securely protected. This is an important factor – if necessary, you should appoint a data controller to take care of GDPR compliance, as fines and penalties await those who don’t adhere to the rules.
Under the GDPR, the rules on obtaining consent are stricter. Individuals have specific rights related to certain actions and activities, such as the right to withdraw consent, and consent must be given explicitly rather than assumed.
History of the GDPR
When the Internet was just a ‘baby’, the 1995 Data Protection Directive already regulated the processing of personal data. It contained almost all of the specifics now stated in the GDPR, but the Data Protection Directive had a narrower scope and less uniformity regarding the rights of data subjects.
In 2012, the European Commission (EC) proposed a reform of the then-existing data protection rules to adapt them to the changes in modern technology.
What the GDPR is All About
The GDPR is a specific set of rules intended to give people in the EU control over their data. It aims to simplify the regulatory environment for both individuals and businesses so that both can benefit from the digital economy.
As you may have observed, almost everything you do is related to data. Governments, banks, retailers, social media platforms – almost all of them, if not all, collect and analyze personal data.
Personal data is any information relating to a person that can be used to identify that person, either directly or indirectly, such as the person’s name, email address, physical address, photo, bank details, medical information, computer IP address, or even updates on social networking pages.
Ensuring GDPR Compliance
There are times when, no matter how careful you are, data breaches happen. The information you gathered ends up lost or stolen and, worse, handed over to people with malicious intent.
What if something like this happens? You, as a business, must always ensure that you’re GDPR-compliant. Aside from making sure that you’ve gathered data legally, you also have to make an effort to protect that data from being misused and exploited.
- Understand what GDPR is all about
This should be your first step. You have to understand what this regulation is all about so that you’ll be prepared for your next move. Realize that it requires both technical and legal implementation, and you have to have both in place.
Aside from familiarizing yourself with the terms, there are articles you have to understand as well, such as Art. 5 & 6, both related to the processing of personal data. Art. 12 to 22 deal with data subject rights, while Art. 25 & 32 cover data protection.
Take time to familiarize yourself with those; it’ll be a big help if you do.
- What can you do NOW?
Preparation is key, definitely, but there are things you can already do now for GDPR compliance.
Know what data you need to keep, and don’t store unnecessary details. Prioritize the data you need most – if a clean-up is necessary, then go for it.
- What will you do NEXT?
Have security measures in place to help prevent or contain data breaches. If a breach does take place, be quick to notify the individuals affected. If you have suppliers, check them as well, as they are among those who must have strict measures in place. Review your current documentation, adjust it, and if necessary, create new documents.
Remember that your clients have to explicitly state that they agree to your policies – pre-checked boxes are no longer allowed, and neither is implied consent.
What If Something Goes Wrong?
You always have to bear the rights of these data owners in mind, or else there’ll be consequences. There are fines and penalties associated with non-compliance with the GDPR.
How are the fines and penalties determined? Here are the factors that the authorities consider:
- What was the gravity, nature, and duration of the infringement?
- Was the infringement intentional, or was it caused by negligence?
- Did the company commit previous infringements?
- Did the company take any action to lessen the damage inflicted on the individual?
- Were there any technical and/or organizational measures implemented by the organization?
- Did your company cooperate with the regulator/s to fix the infringement?
- What types of personal data were involved?
- How did the regulator/authorities find out about the violation/infringement? To what extent did your company notify them?
- Did the processor or controller notify the infringement?
- Did you adhere to the approved certification schemes or codes of conduct?
Here’s another important point – the fines to be charged. How high are the administrative fines?
- If you have infringed Articles 8, 11, 25-39, 42, or 43, you will be charged up to €10 million, or 2% of your company’s annual global turnover, whichever is higher.
- Infringement of Articles 5, 6, 7, 9, 12-22, or 44-49 will lead to your company being charged up to €20 million, or 4% of your company’s annual global turnover, whichever is higher.
Substantial amounts, aren’t they? That’s meant to make the point that you should comply with the GDPR, or else you’ll have to pay the price – literally.
Data is quite valuable nowadays. It can lead to a lot of opportunities, and at the same time, it can bring challenges and struggles to companies. Valuing a client’s data not only gives you peace of mind knowing you’re adhering to the rules, but you’ll also end up with loyal clients who appreciate your transparency when it comes to handling their data.
Take time to study how your own company manages data, and see if you’re meeting the standards set by the GDPR. If you think you still need to work on some areas, then do so to avoid the pitfalls of non-compliance with the GDPR.
DragDropr is a visual drag and drop page builder and editor. It is the only editor universal to any CMS – you can use it to build pages on any system.
It is also a Landing Page builder which gives you the option to publish standalone Landing pages on DragDropr’s fast Europe-based servers – included in our Personal plan!
Coming with 75+ ready Landing page templates, it is often used by marketers solely to build and publish Landing pages quickly and easily – hosted on DragDropr’s high-speed servers, or on users’ own servers.
Try it now for free, register here and publish your Landing page today!
DragDropr is GDPR optimized
Disclaimer: This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice. We are not lawyers. All the information on our blog is for informational purposes only. We make no representation as to the accuracy, completeness, suitability, or validity of any information.