The new EU data regulation is on its way, and it’s going to be a tough one. I’m writing, of course, about the European personal data privacy law called General Data Protection Regulation (GDPR).

Your business, most probably, is within the scope of the law, so read attentively to know what’s important about GDPR. Still, remember that DevCom is not a law firm, and this article is not a legal advice. Please address relevant professionals for legal assessment.

Let’s not waste more of your time and dive into the 7 facts about the new EU data regulation:

 

EU data regulation

1. The law concerns everyone working with EU citizens

Unless you have nothing to do with European users, the law concerns you. Otherwise, companies worldwide, and particularly in the United States, are doing their utmost to comply. Moreover, a recent PwC survey claims that 92% of surveyed US companies prioritize highly the EU data regulation. Don’t lag behind!

Next fact:

2. You need explicit consent to use private data of European users

In addition, you have to specify the purpose for which you’re collecting this data. And it’s not all! The EU data regulation, furthermore, provides 8 rights to EU users.

The rights you should take care of go as follows:

  • The right to be informed: You must inform users about your privacy policy in a concise, easy-to-understand, and noticeable manner;
  • The right of access: EU citizens have the right to access their private data you’re storing. Plus, they can ask you about the way you’re processing the data;
  • The right to rectification: Users have the right to correct their private data;
  • The right to erasure: Your EU users have the right to delete all their private data you’re storing;
  • The right to restrict processing: EU citizens can restrict processing of their data in certain cases;
  • The right to data portability: Users can obtain a portable and readable version of their private data.
  • The right to object: Users can object to certain actions towards their data.
  • Rights related to automated decision making and profiling: EU citizens should not be forced to decide anything about their private data when they are using automated processing or profiling.

Are you confused by the phrase ‘private data’? No wonder. GDPR outlines the term very vaguely and broadly.

3. Private data means practically any information that leads back to a user

This new EU data regulation is strict and all-inclusive. Not only it safeguards personal data of EU citizens from everyone in the world but it, also, encompasses (almost) ALL private data. However, if you ask me to put it in a practical and tangible list, you’ll put it in 9 bullet points.

According to GDPR, personal data include:

  • Name
  • Email
  • Physical address
  • IP address
  • Phone number
  • Social security numbers
  • Any financial data
  • Data on religious and political views
  • Behavioral data

Okay, enough about rights and private data! Moving on to why it’s important to obey the EU regulation in the first place.

4. You might pay up to EUR 20 million if you violate the regulation

I believe you work for an ethical business putting morals and laws before earnings. Still, the new EU data regulation is backed by the impressive fine. It can take up to EUR 20 million or 4% of your annual revenue, whichever is higher.

QuoteNew data protections are something many companies need to be focusing on – these fines are hefty!

Jeremy GoldmanFounder & CEO @ Firebrand Group

However, each EU country may enforce the regulation as it deems right. Countries like Sweden may be more forgiving, and countries like Germany – not in the least. Still, the fine can easily bankrupt a start-up or a small-to-medium business. So, be careful.

Next.

5. You must comply with the EU data regulation until May 25, 2018

The clock is ticking: you have about a month to comply. Considering the importance of GDPR, I recommend, firstly, to seek legal advice. Secondly, you should instruct all your staff or co-workers on the new data policy. Finally, you need to apply the policy on all levels: technical and non-technical. In case you lack the technical expertise to implement the changes, please do feel free to address Devcom.

Next fact.

6. Your usual data privacy policy is not sufficient

The new EU data regulation is a continuation of the previous data policy. Nevertheless, you might have already noticed the serious attitude around the discussion of GDPR. That’s because GDPR is more significant than the previous EU data policy in a few ways:

  • protects EU citizens all over the world;
  • safeguards not only from cookie tracking but also from data tracking of any kind;
  • provides users with additional new rights (more in fact #2);
  • requires a sign of explicit consent like ticking a box under the privacy policy.

Finally, after you’re done creating your data policy, you’ll need to bring your website up to date.

7. Your website is not ready for the EU data regulation

Most probably, your website is not compliant in many ways. However, there’s still time for the change.

Just follow the steps to comply with GDPR:

  • Publish a detailed privacy policy on what personal data you store and how you process it. Moreover, you need to have an option to explicitly agree to your policy. Also, I advise you to reconsider your data policy altogether, and store only the necessary private information;
  • Consider ways and create setups to provide users with their data. In addition, don’t collect data you can’t extract from your database and present it in a machine-readable format. Finally, don’t forget you have to provide the data to its owner within 40 days;
  • Analyse your website plug-ins from third-party vendors. Every plug-in interacts with data in its own unique way. Therefore, this has to be reflected and aligned with your own privacy policy;
  • Prepare your website to automatically notify your users about a data breach within 72 hours;
  • Make sure all your marketing activities are ‘opt-in’. You should send automatic messages only to a database of contacts who provided you with explicit consent. Moreover, any personalization of a message should rely on private data you have permission to use. Finally, all the personal data gathered by you without consent should be deleted. End of story.

Conclusion

All in all, General Data Protection Regulation is a manageable law to comply with. Moreover, it’s the future of private data security. Now, your next step is to implement it as painlessly as possible and make sure your business doesn’t suffer any fallbacks. Lastly, you don’t have to create your new data privacy environment alone. There are plenty of law and tech firms ready to help. As a reliable web development company, DevCom is ready to step in and assist you with the technical part of your GDPR compliancy.

Keep in mind. DevCom has solid experience with tech consulting and web development. In case you need the following services, Contact Us.

Also, please feel free to check all the sources for this article:

For more data privacy articles please do check our article on Securing Your Data with Adobe Content Server DRM.

Written by Oleh Romanyuk, Marketing Manager @ DevCom