What you need to know about GDPR

What is GDPR?

GDPR stands for General Data Protection Regulation. It’s a regulation by the European Parliament, the Council of the European Union and the European Commission set out to strengthen data protection for all individuals within the European Union (EU). It’s objective is to enforce one rule across the EU for how businesses collate and store data information and aso gives people more say over what companies can do with their data. GDPR is a new ruling that introduces tougher fines for non-compliance and data breaches, so we all need to understand how to be GDPR compliant.  

Why was the GDPR drafted?

GDPR was drafted so that businesses have clear and simple guidelines to follow when collating and storing people’s data. GDPR was created to give all businesses a guideline on what they can and can’t store in line with the law.

Will Brexit affect GDPR?

Even when we leave the EU, GDPR will still apply as any company that does business with EU residents will be subject to GDPR regulations. The UK is set to leave the EU on 29 March 2019 - around ten months after GDPR comes into force but we will all still need to be GDPR compliant. The UK government has said leaving the EU won't impact on GDPR being enforced in the country and that it will still serve to benefit the UK. So Brexit is unlikely to have any impact on an organisation's GDPR compliance requirements. 

When will the GDPR apply?

The GDPR will apply in all EU member states from 25 May 2018.

Who does the GDPR apply to?

Anyone who holds data on someone will need to re-think about how they store data and how they retrieve this data. Even if you collect IP addresses or track cookies you will still need to be GDPR compliant.

What happens if i don’t comply?

Not complying with these new regulations could land you with a massive fine. If a breach is not reported within the 72-hour deadline, there is a risk of being fined up to €10 million or 2%- 4% of your global annual turnover – whichever one is greater.

How can I become GDPR compliant?

Pre-ticked boxes or users having to actively opt out of communications will no longer comply with the new regulations. Instead, a double opt-in process will become essential. Prospects will have to tick a box to actively sign up for marketing communications and then confirm by a further email.