Data Protection Changes and What It Means for Your Website
At Bamboo Nine, we like to keep ahead of any important changes in the Digital Marketing Sector so that we can keep our customers, clients and readership updated. So, let’s discuss the data protection changes coming into force in 2018 and what they mean for your website.
Data Protection Changes Overview
The EU General Data Protection Regulation (otherwise referred to as GDPR) is considered the most important data privacy regulation change in the last 20 years. The GDPR enforcement date is 25th May 2018. At this point, any organisations in non-compliance will face heavy fines. So, we’re here to help you get your head around the new changes so that you don’t get caught short!
What Does the GDPR Do?
We live in an increasingly digital world. Most of our information is stored online, making it susceptible to unlawful access from third parties and hackers. The EU General Data Protection Regulation replaces the previous Data Protection Directive designed to complement data privacy laws across Europe to help protect citizens and their personal data. These data protection changes are reshaping the way organisations across Europe approach data privacy.
GDPR will apply to the processing of all personal data by controllers and processors in the EU. It doesn’t matter whether the processing takes place in the EU or not, it is still under data protection. The GDPR will also apply to any processing of personal data in the EU and the monitoring of behaviour.
Who Does the GDPR Apply to?
- Controllers and processors. Controllers say how and why the personal data is processed and the processor acts on behalf of the controller.
- Organisations operating within and outside of the EU that offer goods or services to individuals in the EU.
Despite Brexit, UK organisations handling personal data will still need to comply with the General Data Protection Regulation as it will come into force before the UK leaves the EU.
Consent to be Strengthened
Companies, under the new data protection changes, must provide conditions for consent that are intelligible and easy to understand. This will strengthen the conditions for consent in regard to the processing of their personal data. Consent terms and conditions must be eligible and clear, using plain language and outlining exactly what the company will use your data for. Long illegible terms of consent and conditions full of legal speak will no longer be allowed. Furthermore, the GDPR ensures it must be just as easy to withdraw consent as it is to give it.
A Person’s Right to be Forgotten
This is also referred to as Data Erase and entitles the user the right to be forgotten. This means that data that is no longer relevant or data subjects withdrawing their consent, must be erased from the system. Put simply, the data subject will have the right to have his/her personal data erased to ensure no third parties can access or process the data.
How Does the GDPR Affect Personal Data?
The General Protection Data Regulation has made significant changes to the processing of personal data, giving people peace of mind and security. Furthermore, parental consent will be necessary for the processing of personal data of children under age 16. The GDPR makes it clear that any information identifying a person, from an IP address through to contact details, is considered personal data and must be treated as such.
The New Role of Data Processors
Due to the new General Data Protection Regulations coming into place, data processors have direct obligations for the first time. These include: maintaining a written record of all processing activities carried out on behalf of each controller, designating a data protection officer, appointing a representative if not established in the EU, and notifying the controller on any cross-border transfers. The new role of data processors will significantly impact data protection.
What are the Penalties?
If your company is found in breach of the new General Data Protection Regulations after the enforcement date, you can be fined up to 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for serious infringements, so it’s good to get your data protection changes in place before the enforcement date.
What You Need to Do:
To prepare yourself for the data protection changes coming in 2018, we would suggest following these steps to prepare:
- Prepare for data security breaches
- Ensure privacy is embedded into any new processing or deployed product
- Establish an accountability framework with clear policies
- Analyse your legal situation and how you use personal data
- Check your privacy notices and policies
- Keep in mind the rights of data subjects
So, the General Data Protection Regulation is proposing a series of changes to data-handling laws to help improve security. Simply, the new data regulations are designed to ease the minds of data subjects and keep their information safe. Although this means a bit more fuss and bother for your business, if you use the data you collect for the exact purpose you proposed, you shouldn’t have any issues.
It is important that you clearly outline your plans for the data you’re collecting, keep it safe and secure by managing it correctly and only using it for a set and stated purpose. We hope this article has helped outline the purpose of the General Data Protection Regulations and given you a clearer understanding of what it means for your business. For further information, read the EU General Data Protection Regulations in full detail here.