- 1 1. The law concerns everyone working with EU citizens
- 2 2. You need explicit consent to use private data of European users
- 3 3. Private data means practically any information that leads back to a user
- 4 4. You might pay up to EUR 20 million if you violate the regulation
- 5 5. You must comply with the EU data regulation until May 25, 2018
- 7 7. Your website is not ready for the EU data regulation
- 8 Conclusion
The new EU data regulation is on its way, and it’s going to be a tough one. I’m writing, of course, about the European personal data privacy law called the General Data Protection Regulation (GDPR).
Your business, most probably, is within the scope of the law, so read attentively to know what’s important about GDPR. Still, remember that DevCom is not a law firm, and this article is not legal advice. Please address relevant professionals for legal assessment.
Let’s not waste more of your time and dive into the 7 facts about the new EU data regulation:
1. The law concerns everyone working with EU citizens
Unless you have nothing to do with European users, the law concerns you. Otherwise, companies worldwide, and particularly in the United States, are doing their utmost to comply. Moreover, a recent PwC survey claims that 92% of surveyed US companies prioritize highly the EU data regulation. Don’t lag behind!
2. You need explicit consent to use private data of European users
In addition, you have to specify the purpose for which you’re collecting this data. And it’s not all! The EU data regulation, furthermore, provides 8 rights to EU users.
The rights you should take care of go as follows:
2) The right of access: EU citizens have the right to access their private data you’re storing. Plus, they can ask you about the way you’re processing the data;
3) The right to rectification: Users have the right to correct their private data;
4) The right to erasure: Your EU users have the right to delete all their private data you’re storing;
5) The right to restrict processing: EU citizens can restrict processing of their data in certain cases;
6) The right to data portability: Users can obtain a portable and readable version of their private data.
7) The right to object: Users can object to certain actions towards their data.
8) Rights related to automated decision making and profiling: EU citizens should not be forced to decide anything about their private data when they are using automated processing or profiling.
Are you confused by the phrase ‘private data’? No wonder. GDPR outlines the term very vaguely and broadly.
3. Private data means practically any information that leads back to a user
This new EU data regulation is strict and all-inclusive. Not only it safeguards personal data of EU citizens from everyone in the world but it, also, encompasses (almost) ALL private data. However, if you ask me to put it in a practical and tangible list, you’ll put it in 9 bullet points.
According to GDPR, personal data include:
- Physical address
- IP address
- Phone number
- Social security numbers
- Any financial data
- Data on religious and political views
- Behavioral data
Okay, enough about rights and private data! Moving on to why it’s important to obey the EU regulation in the first place.
4. You might pay up to EUR 20 million if you violate the regulation
I believe you work for an ethical business putting morals and laws before earnings. Still, the new EU data regulation is backed by the impressive fine. It can take up to EUR 20 million or 4% of your annual revenue, whichever is higher.
New data protections are something many companies need to be focusing on
– these fines are hefty!
Jeremy Goldman, Founder & CEO @ Firebrand Group
However, each EU country may enforce the regulation as it deems right. Countries like Sweden may be more forgiving, and countries like Germany – not in the least. Still, the fine can easily bankrupt a start-up or a small-to-medium business. So, be careful.
5. You must comply with the EU data regulation until May 25, 2018
The clock is ticking: you have about a month to comply. Considering the importance of GDPR, I recommend, firstly, to seek legal advice. Secondly, you should instruct all your staff or co-workers on the new data policy. Finally, you need to apply the policy on all levels: technical and non-technical. In case you lack the technical expertise to implement the changes, please do feel free to address Devcom.
The new EU data regulation is a continuation of the previous data policy. Nevertheless, you might have already noticed the serious attitude around the discussion of GDPR. That’s because GDPR is more significant than the previous EU data policy in a few ways:
1. protects EU citizens all over the world;
2. safeguards not only from cookie tracking but also from data tracking of any kind;
3. provides users with additional new rights (more in fact #2);
Finally, after you’re done creating your data policy, you’ll need to bring your website up to date.
7. Your website is not ready for the EU data regulation
Most probably, your website is not compliant in many ways. However, there’s still time for the change.
Just follow the steps to comply with GDPR:
2) Consider ways and create setups to provide users with their data. In addition, don’t collect data you can’t extract from your database and present it in a machine-readable format. Finally, don’t forget you have to provide the data to its owner within 40 days;
4) Prepare your website to automatically notify your users about a data breach within 72 hours;
5) Make sure all your marketing activities are ‘opt-in’. You should send automatic messages only to a database of contacts who provided you with explicit consent. Moreover, any personalization of a message should rely on private data you have permission to use. Finally, all the personal data gathered by you without consent should be deleted. End of story.
All in all, the General Data Protection Regulation is a manageable law to comply with. Moreover, it’s the future of private data security. Now, your next step is to implement it as painlessly as possible and make sure your business doesn’t suffer any fallbacks. Lastly, you don’t have to create your new data privacy environment alone. There are plenty of law and tech firms ready to help. As a reliable web development company, DevCom is ready to step in and assist you with the technical part of your GDPR compliance.
Keep in mind. DevCom has solid experience with tech consulting and web development. In case you need the following services, Contact Us.
Also, please feel free to check all the sources for this article: