This article does not constitute legal advice, nor is this information intended to create or rise to the level of an attorney-client relationship. You should always seek professional legal advice where appropriate. Learn how to get ready for GDPR with our Ultimate GDPR Overview on the General Data Protection Regulation (GDPR) and your business ecosystem.
The General Data Protection Regulation, adopted April 27, 2016, takes effect on May 25, 2018, and applies to organizations worldwide, including in the United States. GDPR is a comprehensive data protection regulation that aims to give European Union citizens and residents greater digital privacy rights. The new regulation replaces the less harmonized 1995 Data Protection Directive. GDPR mandates compliance from any company or organization with EU customers, partners, or vendors.
The General Data Protection Regulation affects companies of all sizes once the storage or processing of EU personal data is involved. You should begin GDPR compliance if you have or will have EU member data stored or processed through your website or database. This includes things like the cloud, newsletter opt-in forms, and other marketing communications tools. Public entities such as law enforcement may be exempt from the Data Protection Officer requirement.
The GDPR requires you to appoint a Data Protection Officer, in addition to any existing IT or cybersecurity roles, only if your organization falls into one of three categories: (a) public authorities, (b) organizations that engage in large-scale systematic monitoring, or (c) organizations that engage in large-scale processing of sensitive personal data.
For larger organizations, the GDPR defines a few roles as being responsible: data controller, data processor, and data protection officer (DPO).
EUGDPR.org defines the difference between a controller and data processor as the following: a controller is an entity that determines the purposes, conditions, and means of the processing of personal data, while the processor is an entity that processes personal data on behalf of the controller.
The EU has expanded its definition of personal data to include everything covered by the Data Protection Directive as well as additional categories that reflect newer types of data being collected. This ranges from medical information, IP addresses, sexual orientation, and social media posts to email addresses, bank details, and more.
Pseudonymization is the process of replacing the most identifiable data with artificial data. It is often still possible to identify the subject by analyzing additional coinciding data. For this reason, certain types of pseudonymized data may still be subject to GDPR rules.
Non-compliance can cost companies up to 20 million euros or up to 4 percent of their annual global turnover, whichever is greater. If there are multiple infractions, the fine can exceed this.
The General Data Protection Regulation replaces the EU’s 1995 Data Protection Directive. The directive was introduced at a time when consumer data processing was less sophisticated. GDPR addresses the growing concern about data processing and usage. Because it is a regulation rather than a directive, it is directly binding and effective without needing to be enacted through national legislation. Data privacy has become a hot topic in the media, as in the Cambridge Analytica incident, where 50 million people did not give consent for their data to be harvested.
These cases further explain why the EU is taking strong measures to ensure its citizens have greater control over their data. According to recent surveys on data privacy (PageFair, SAS), over 80% of data subjects claimed to have never given consent. In addition, the EU claims that by creating a single set of rules, international companies should find it easier to navigate data privacy.
You should kickstart GDPR compliance by creating a GDPR readiness plan that involves checks and balances on awareness and implementation. A few considerations are as follows:
Looking for GDPR website optimizations? Check out our Complete GDPR Website Checklist. The GDPR Website Checklist will address how to seamlessly weave the EU’s rules into your website and marketing for a better customer experience and you’ll get free growth hack tips that will strengthen your approach with CRM-based lead nurturing.