On May 25th, 2018, the General Data Protection Regulation (GDPR) went into effect. This means that businesses will need to comply with the new EU law and get consent from their customers to be able to hold and use their data.
What does GDPR mean for businesses?
GDPR applies not only to companies located in the EU, but to all companies that have customers there. This means that your business is required to adhere to this law if it has any customer data from an EU citizen. If you are involved with marketing or selling products/services to people in the EU, this law does not affect just you – it impacts the way your entire business operates.
How does this affect your business?
Your business must now comply with GDPR and get consent from customers before storing their data. If a customer requests it, you must prove that you have been compliant from day one of being in business. This is important to understand because if a customer requests their data after getting it from you, you could be legally obligated to delete it. So how do you get the consent of your customers?
Understand your responsibilities under GDPR.
There are several changes that you need to make to ensure your business meets compliance. If you have been storing data from customers, it is important to know which rules govern that data and what responsibilities you have for it.
- Obtain consent from your customers. Before getting your customers’ consent, be sure they understand everything about how you use their data.
- Notify your customers of any breaches. A breach is when customer data is lost, stolen, or accidentally disclosed to another person/company. If you have one, you must let your customers know as soon as possible (72 hours at the latest).
- Respond to requests for information from your customers. This means complying with requests regarding the accuracy, access, and deletion of data. It is important to acknowledge requests within a month and respond to them as soon as possible.
- Have a data protection policy in place. You must have a method for documenting all processing activities that you carry out under GDPR requirements. Your company should also have measures in place to ensure that employees are trained on data protection.
What are the consequences of non-compliance with GDPR?
The GDPR carries serious monetary fines for companies that don’t comply. The maximum fine is 4% of annual global turnover or €20 million (whichever is greater). So what does that mean for your business? If you store customer data, be sure to get their consent. Follow this advice and you will have no problems with non-compliance!
Understand the basics of GDPR and how it affects your business, as this article has shown you. Once you understand the requirements of GDPR, seek consent from customers to store data that you use for marketing purposes. This is a great way to get more leads. Plus, following these steps ensures that your business will be in compliance with the new regulation.