What is the GDPR?
GDPR – General Data Protection Regulation – is the new EU regulation intended to combine and strengthen data protection within the EU. This regulation was made on the 27th of April 2016 and is due to come into effect on the 25th of May 2018, giving time to adapt to the changes. GDPR will replace the outdated Data Protection Directive, which has many gaps as a result of the rapid advancement of technology since 1995, when the directive was made.
The GDPR will cover all countries that process or hold the personal data of EU citizens, whether that country is a part of the EU or not. This means that Britain will still have to abide by the laws of the GDPR despite the result of the EU referendum at the end of June.
Most important changes
Some of the more important changes to legislation as a result of the GDPR are:
- The fines for not complying with the laws can reach a maximum of 4% of the business's global annual turnover or up to €20,000,000. However, for the first accidental infraction only a warning would be given.
- Data protection must be designed into the business services themselves, allowing for data protection to be carried out from start to finish of the involvement with the customer.
- Multinational companies that operate across the EU will need to independently employ a data protection officer who is able to manage the IT systems and is familiar with the legality of the GDPR.
- All personal data must be able to be erased at will if a client requests that they no longer wish you to be in possession of their details. Once a request is made there will be a time period of a month to erase the data.
- Clear consent must be given for any personal data that is to be collected and processed. If the person is a child under 16 years of age, this consent will need to come from the child’s parents. This consent can be withdrawn at any time.
How to deal with the GDPR
The GDPR will start to be enforced on May 25th 2018, so companies currently have just under two years to ensure that they are GDPR compliant by the time the regulations come into force. This should be enough time for an accurate evaluation of the current systems in place and to implement any changes that need to be made. It is important to ensure that all data held by a company has a known source, that there is a way of determining the age of the person the data is being collected from, and that there is a form of consent to allow for lawful data collection or transfer. It is also necessary to ensure that all security protecting data is strong enough to meet the requirements of the GDPR, as stronger security methods will be needed.
One of the easiest ways to prepare for the GDPR is to ensure that you are sourcing your data and telemarketing needs from a reputable, reliable, and transparent company as this will check many GDPR boxes. The company would have to be GDPR compliant, making sure that consent was already gained and that much of the required data protection is already built into their services. Sourcing your data from a company with these features will save you a lot of time, allowing you to focus more on other parts of the GDPR that may be more challenging to implement.
Predictive coding technologies can also be used to ensure that only the required information is gathered, assisting with ensuring that data protection is designed into the services themselves. This technology can also be used to make deleting any personal information a much more efficient and thorough process.
The employment of a data protection officer as soon as possible would also aid preparation greatly: not only would it fulfil a requirement of the GDPR, but the officer could also make an early assessment of processes and systems to test for compliance.
As technology changes so must the legislation, so while the GDPR may make some processes more difficult for a large number of businesses, it is a necessary step that must be taken to protect the ever-growing amount of personal information that is available online from people who could use that data for harmful purposes. As time goes on and the volume of data available increases, most likely along with new regulations as new technology is developed, it will become even more important to make sure that your data comes from a reputable and reliable source. At 1 Stop Data we are working to ensure that we maintain a high level of data protection so that we are well within the standards required by the GDPR and can continue to provide the safest and most reliable data possible.