Data Security

GDPR Compliance: Everything that you need to know in 2020

In 2012, the European Commission drew up plans to revise data protection across the EU and give Europe a better chance at digital privacy. One of the key elements of the reforms is the introduction of the General Data Protection Regulation (GDPR). This new model applies to businesses across the European Union and beyond. The European Commission set a deadline for businesses to comply with GDPR, and if you don't, there are serious repercussions (a fine of 4% of revenue or up to 20 million euros). I am sure no business wants to go down that road.

Why is GDPR important?

GDPR is a set of rules designed by the European Union that strictly governs how its citizens' data is collected, stored and managed. Almost every facet of our lives now revolves around data: everyone from social media companies to retailers, government organisations and banks collects and manages our personal data. To put it in perspective, our name, address, phone number and credit card details are collected, monitored and stored by businesses. These laws have shaped data protection laws in the United States too. It is extremely important to comply with GDPR, or you risk losing a chunk of your business revenue if found in breach.

How does GDPR work?

GDPR is one of the most robust data security laws in the world. It gives people the right to ask organisations how their private data is collected, stored and used, and to request that it be deleted. It makes organisations liable to explain how, where and why your personal data is stored and used. Additionally, users can object if their personal data is used for certain purposes, such as direct marketing, without their agreement. If you search for bags and then start seeing ads for similar products, that is creepy, and you should be able to ask the business to stop using your personal data for marketing. GDPR guarantees this along with other rights.
European citizens have these rights by law. However, some organisations may decide it is better to apply GDPR protections to all their customers, not just those in Europe. For example, Microsoft announced that it would give all users control of their data under the new GDPR rules, with a dashboard where users can manage their personal data. Facebook, on the other hand, changed its privacy settings and tools globally, but only EU users get the special rights that GDPR confers. Users from other countries still do not get the same rights from Facebook to date, which shows that each organisation adopts GDPR differently.

How does it work for Non-EU Nations?

GDPR comes into play if you have a business website that:

  • Engages in direct marketing to the European Union
  • Collects or stores personal data from citizens of the European Union

So, even if your business is not located in the EU but interacts with EU citizens, GDPR is a must for you. For example, if you have a website that tracks user data to monitor traffic, a blog where users can comment or subscribe to your newsletter, or a contact us/inquiry form, then GDPR applies to you. To be clear and precise: if you have any of these service pages and an EU citizen lands on them, you have every reason to worry. However, if your business complies with GDPR, then you have nothing to worry about.

How to implement GDPR policies?

GDPR is all about empowering the end user visiting your website. So when a user arrives at your website, before loading cookies or any tracking code, you must inform them of all the ways you collect, store and use their personal information and give them a choice. Additionally, you need an easy-to-understand privacy policy with details of your cookies and how long they are stored. You also need a simple process for a user to formally request all the personal data you hold about them, and a seamless system through which users can ask you to change or delete their personal data within 30 days.
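The rule above (trackers only after an informed choice, a documented storage period, and a way to withdraw) can be enforced in the page itself with a deny-by-default consent gate. The code below is an added example, not part of the original post; the storage key, policy version, retention period and tracker URL are assumptions for illustration.

```javascript
// Deny-by-default consent gate (added example; names and values are assumptions).
// Tracking code is injected only after the visitor opts in, and a stored consent
// is honoured only while it is current: same policy version and inside the
// documented retention window. Withdrawing consent removes the record.

const CONSENT_KEY = 'cookieConsent';                    // assumed storage key
const CONSENT_POLICY_VERSION = 3;                       // bump whenever the cookie/privacy policy changes
const CONSENT_MAX_AGE_MS = 180 * 24 * 3600 * 1000;      // assumed 180-day retention of the consent record
const TRACKER_URL = 'https://analytics.example/tracker.js'; // assumed tracker script

// A record authorises tracking only if it is an explicit opt-in, was given under the
// current policy text, and has not outlived the retention period stated to the user.
function isConsentValid(record, now) {
  if (!record || record.analytics !== true) return false;            // no record or a refusal
  if (record.policyVersion !== CONSENT_POLICY_VERSION) return false;  // policy changed: ask again
  if (typeof record.grantedAt !== 'number') return false;             // malformed record
  return now - record.grantedAt <= CONSENT_MAX_AGE_MS;                // expired consent is no consent
}

// Malformed or tampered storage counts as "no choice made yet", never as consent.
function parseConsentRecord(raw) {
  try {
    const r = JSON.parse(raw);
    return r && typeof r === 'object' ? r : null;
  } catch (e) {
    return null;
  }
}

// Persist the visitor's choice; a refusal is recorded too, so the banner is not re-shown.
function recordChoice(storage, analyticsAllowed, now) {
  const record = { analytics: analyticsAllowed === true, policyVersion: CONSENT_POLICY_VERSION, grantedAt: now };
  storage.setItem(CONSENT_KEY, JSON.stringify(record));
  return record;
}

// Withdrawal: delete the record so the next visit is treated as "no consent".
function withdrawConsent(storage) {
  storage.removeItem(CONSENT_KEY);
}

// Entry point for page load. Returns true if trackers were injected, false if the
// consent banner must be shown instead. `storage` is localStorage-like and
// `injectScript(url)` appends the script tag; both are passed in so this runs without a DOM.
function loadTrackersIfConsented(storage, now, injectScript) {
  const record = parseConsentRecord(storage.getItem(CONSENT_KEY));
  if (!isConsentValid(record, now)) return false;
  injectScript(TRACKER_URL);
  return true;
}
```

In a real page you would call `loadTrackersIfConsented(window.localStorage, Date.now(), url => { const s = document.createElement('script'); s.src = url; document.head.appendChild(s); })` and show the banner when it returns false.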

We have covered the major concerns around GDPR compliance and safe business practices, within the EU and for global businesses alike. If you have any concerns or questions about GDPR, you can contact us to learn more.