So with GDPR due to launch on the 25th of May 2018 people are now starting to panic and maybe they have a reason too. GDPR is coming and will impact 508 million people and basically will have an impact on Europe, which includes companies who do business in Europe.
What does GDPR Stand for?
General Data Protection regulation, which is an important new regulation which comes into play on the 25th of May 2018. Over the years people have used Social Media and put their own personal information onto these platforms, they have also signed up to the likes of Amazon, Weebly, Blogger, Spotify, Google, PlayStation, Yahoo and many other websites and platforms over the years.
Who does GDPR Protect?
GDPR is there to protect the information of the users, it’s not there to protect companies it’s all about ensuring that your personal data is not misused.
An example of this, I changed my mobile phone number a few years back as I was sick of getting sales calls and every other type of marketing call, and I provided my numbers to a number of small sources and before I knew it I was again being bombarded with spam and sales, so my information was clearly being sold on and misused. If for example, I agree to sign up for something on “ Credit Expert “ then my data shouldn’t not then be sold to telemarketing companies or sales companies. But the reality is people do sell data and that is why we are then bombarded with tons of sales calls.
On top of your data being misused for sales, it can also result in things like
Invasion of Privacy
What impact will GDPR have on businesses?
GDPR isn’t something that is 100% new, this strategy of misusing peoples data wasn’t ever supposed to happen using people’s personal data buy buying lists of data isn’t what I would call real marketing strategy, others will argue that it is, but if that’s your business strategy then its your business that will have to be careful when GDPR is launched.
Any business or brand who market themselves well and gather data on their customers using the correct procedures and making sure this data is kept on a safe and secure system then you will pretty much be covered.
What businesses must understand about GDPR?
Harsh penalties when this comes into play
The government will aim to regulate this properly
What information is personal data?
Social Media Posts
Date of Birth
Is an IP address personal data?
In the EU an IP address is considered to be personal data, in the US is not considered to be personal data, however, GDPR is in force in the EU and is considered to be personal data.
Personal Data Is Owned by the Individual
Personal data is owned by the citizen themselves anything that personally identifies an individual is personal data and is 100% owned by the person themselves, not the company they provide the information too. There is a common misconception that if you build up all of this data that the company in question owns this data, that is not the case when it comes to GDPR.
Collecting Data After GDPR is launched
When GDPR is launched an individual has to be able to choose whether they want to share data, not be forced to fill in certain data before they can place an order/get the information they have to be offered a way out of providing that data.
For example, if you run a free giveaway, people can enter the competition under your rules and you can collect their data in return for a free prize, but people must also be given the option not to enter the competition ( i know they won’t win a prize ) but you cannot force people into winning prizes.
You must also show in an easily accessible location what anyone’s data will be used for on your website, this is very important to comply with the new regulations.
Grey Areas of GDPR?
With anything, there will always be grey areas when GDPR is launched and no-one knows how the authorities will be dealing with those grey areas until they start taking action against people who they believe have misused peoples data.
Individuals right of access to data?
GDPR does state that people do have the right to get the data held by the company free of charge. But it also does state that if the demand of the individual is excessive and repetitive that the company can charge a reasonable fee for this information, so you will be glad to know not all the power is in the hands of the individuals.
People should have free access to data but have no right to burden the company with unreasonable requests.
An individual can also request that you erase their data from your systems and if they request this, you are obliged to do so.