In recent months, one of the hottest news topics has been data privacy. The Facebook and Cambridge Analytica scandal has thrown up questions in everyone’s mind about the privacy of their data. Every time we search for something online, make a purchase in a store or post something on social media, our data is being harvested, but how and why?
In order to answer this question and ensure safety for consumers and businesses alike, a new European privacy regulation called the General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018. GDPR offers us all the luxury of knowing our personal data is being protected and kept private, but as a business owner, it does have some implications for how we collect and use customer information. Here is a summary of what you need to know.
Under GDPR, individuals must be informed if you are collecting or storing any of their data.
This can be anything as simple as keeping their name or email address on file. Customers must now opt in to having their data collected and consent must be explicitly given.
Individuals have the right to data portability.
In short, this means that if individuals request it, they have the right for their data to be transferred to another service provider, free of charge and in a machine-readable format.
If a customer requests access to view the data your business has stored under their name and asks what it is being used for, your business must supply the data for free and in electronic format if requested. Customers also have the right to have their information updated or corrected, for free at any given time.
Customers must be notified of any data security breach.
If your business suffers any security breach which compromises any customer’s personal data, the customer must be informed within 72 hours of the business first becoming aware of the breach.
Individuals have the right to request deletion of their data.
Although there are caveats and exemptions to this, if customers are no longer customers or they withdraw their consent for their data to be used, then they have the right for their data to be deleted.
The penalties are not to be ignored.
The penalties for a breach of GDPR can be anything up to 4% of a company’s annual global revenue or even a straight 20 million euro fine.
Although GDPR may sound like a mostly IT-led issue, the new regulations have widespread implications for other areas of your business, particularly in sales and marketing. Here at Se7en Services, our dedicated team of business consultants can help you make sure your business stays compliant. To help control your future costs, we can even help you appoint and train GDPR compliance specialists who will map and review your company’s data, review your security measures and implement any necessary additional extras, review your documentation and put any new procedures in place across your organisation.
For more information or assistance please visit our website at www.se7enservices.com or follow us on social media. Alternatively, feel free to contact our office on 01904 207005.