Do you know what has been the most important change in data privacy in the last 20 years? Yes, you guessed it right, it is the GDPR or the General Data Protection Regulation.
The GDPR was approved by the EU Parliament on 14th April, 2016, and is due to be enforced from 25th May, 2018. Organizations that fail to comply with it may have to face consequences.
Before we delve into the specifics of the GDPR, let us first understand what exactly the GDPR is. It is a regulation of the EU (Regulation (EU) 2016/679) by which the European Parliament, the Council of the European Union and the European Commission aim to strengthen and unify data protection for all individuals within the European Union. This Regulation has replaced the previously implemented Data Protection Directive 95/46/EC. It basically aims to keep a check on the data privacy laws of Europe and give citizens the right to privacy over the data associated with them. It requires organizations to rethink their data privacy norms.
This Regulation is directly binding and applicable as it does not require the national governments to pass any enabling legislation. With the implementation of the GDPR, the citizens and residents get control over their personal data.
The Key Elements of the GDPR:
As already discussed, the Regulation applies to personal data, which can be in any format. A newer addition to the definition of personal data is the inclusion of genetic and biometric data. The types of data that come under the GDPR are:
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
Scope of the GDPR:
The GDPR applies to all EU organizations that deal in the personal data of individuals residing in the EU, even if those individuals are not EU citizens. These organizations can be commercial businesses, charities or public authorities. The GDPR also covers organizations that are outside the EU but provide goods or services to those who reside within the EU, since such services may require the storing, monitoring or processing of their personal data. Third-party service providers that process data on behalf of an organization also come under the GDPR; a common example is cloud service providers.
Benefits of the GDPR:
Organizations that become GDPR compliant gain a number of advantages, including the following:
- Improved Business Reputation: Data breaches are among the major threats to businesses these days. When a company is GDPR compliant, it projects an image of security to existing and potential customers, which is a great means of marketing the company.
- Greater Customer Loyalty: When an organization is GDPR compliant, it is able to provide its customers with greater security and thus better services. This enhances the image of the company in the eyes of its customers and thus increases customer loyalty.
- More Accurate Data: Since the GDPR empowers customers to access and validate their personal information and correct any errors they find, organizations will now have a more accurate database of their customers' information.
- Greater Security of Data Globally: The GDPR promotes a high level of consumer trust by taking into account the need to protect individuals whose data is transferred to a third country by an organization outside the EU.
Penalties for Not Being GDPR Compliant:
As already mentioned, the GDPR will come into force on 25th May, 2018. If an organization is found to be non-compliant with the GDPR, the Regulation allows for steep penalties of up to 20 million Euros or 4% of global annual turnover, whichever is higher. However, it is widely believed that many firms will be non-compliant, and according to the management consulting firm Oliver Wyman, the EU could collect up to about $6 billion in fines. The assessment of fines will be another area of difficulty in this regard.
A study by vpnMentor found that, as of now, only 34% of websites are compliant with the GDPR. It tested over 2,500 websites in the EU that need to follow the new GDPR regulations. Most of the websites it checked either had old privacy policies or had none at all, and some were not even ready for the newer policies that take effect in May. As already mentioned, if these companies still fail to become compliant, they may have to pay the penalties as laid down.
Germany seems to be more prepared than any other country, with a compliance rate of 67%. On the other hand, countries like Sweden, Denmark and Portugal have compliance rates of merely 21%, 20% and 17% respectively.
How Wishtree Can Help You Become GDPR Compliant?
We will help you establish compliance directives by combining security and visibility with a sound data management strategy. By implementing proper procedures, policies and technologies, we allow for better transparency over data.
We ensure that multiple advanced protocols deliver the flexibility to connect your business securely with its partners. We also make use of digital receipts and signatures to ensure the authenticity of a message or document. Among the other things we use are audit trails and logging that centralize file tracking and enhance data tracking. We also use Active Directory mechanisms and give centralized admin capabilities to various business units through a centralized browser.
For detailed information on GDPR, follow the link: https://www.eugdpr.org/