Dealing with Data: GDPR Compliance and Your Company
Businesses are still struggling to comply with the new General Data Protection Regulations (GDPR) that went into effect on May 25. The European Union’s effort to reform personal electronic privacy protections has changed the landscape for any company that gathers customer data.
It doesn’t matter if your company isn’t based in the EU. If it collects or processes information about European Union citizens, it falls under the scope of the regulations. Violating the GDPR, even unintentionally, can result in heavy fines: up to $26.5 million USD or 4 percent of global revenue in the worst-case scenario.
Focus on Compliance
In the EU, the personal identification information (PII) protected by the GDPR can include things like sexual orientation, racial or ethnic data, or a standalone email address.
The new requirements include:
- Consent. Your company must receive consent from an individual before any personal data can be processed. They can withdraw their consent at any time.
- Right to Access. Individuals have the right to access any personal data about them that your company holds. They can request a copy of it.
- Right to be Forgotten. Your company must erase an individual’s personal data and stop processing it upon request.
- Data Portability. Upon request, your company must be able to provide an individual’s personal data to them in a format that can be transferred to another company.
- Data Minimization. Your company can only collect and store the minimum amount of personal data necessary for the process.
- Breach Notification. Your company has 72 hours to alert supervisory authorities to personal data breaches once they are discovered.
Importance of Consent
The key component of GDPR is consent. Ensure your company has permission from users to gather their data. These regulations also govern the use of that data for marketing communications. Consent to receive messaging must be refreshed every two years.
If your company needs help meeting GDPR requirements, LMS can help guide you towards compliance with the new data protection regulations. Our team members are pioneers in data-driven consulting and can serve as GDPR experts. To learn more, reach out to us today at [email protected]