The GDPR: What On Earth Is It And Do You Need To Be Worried?
If you are the owner of a business or just curious about data security and the protection of your personal data, you might have stumbled across the term GDPR. Business owners need to be aware of this and why it’s essential. But even if you don’t own a business, the GDPR could also affect you.
What Exactly Is The GDPR?
GDPR stands for General Data Protection Regulation. Putting it simply, it’s a new set of laws that will change how companies can use data or even gather it. It comes into effect across Europe on May 25, 2018, and is the most significant data protection law change in over twenty years.
Why Is This Happening?
You could argue that it’s not only necessary but relatively late. The laws for managing data were actually drawn up in the nineties. You don’t have to be a tech genius to see that data usage and software have changed a lot since then.
With cloud servers that can store massive amounts of data online, we need new rules in place to protect how it is used and how it is shared. Just think about how much data you use daily on your mobile and computer. In the nineties, storing massive amounts of data required hard drives the size of a house. These days, it can all be handled on the cloud.
These new laws are going to completely alter how businesses and public sector organizations handle information about their client’s clients.
Is GDPR A Massive Change?
Not according to the UK’s Information Commissioner. Elizabeth Denham handles data protection enforcement in the UK. She says that the level of fear being spread to shake up businesses is unwarranted. According to her, the GDPR is not a revolution. However, this hasn’t done much to alleviate the worries and fears of business owners in the UK and the rest of Europe.
GDPR In More Detail
The GDPR will be used to replace the 1995 data protection directive. We currently use this to monitor and regulate data usage by businesses. According to the official website of the GDPR, the purpose is to make sure that data usage is harmonized across Europe. This does provide a range of benefits. For instance, imagine if you owned an international company that decided to set up shop in a European country. Or perhaps even multiple European countries. It would be helpful to know that data regulation laws were the same across Europe, wouldn’t it?
It officially arrived on May 25, 2018. So you might want to mark that date on your calendar if you are a business owner. Though, really, you should already have that note. After all, businesses have had two years to prepare for the law to come into force and to ensure that they are up-to-date and compliant.
Wait, Don’t We Already Have Data Protection Laws?
As already mentioned, there are data protection laws already in place. Indeed, some countries, like the countries in the UK, already have laws like the Data Protection Act 1998. Many of the new regulations in the GDPR are present in this old regulation. However, there are also minor changes, and some European countries have more outdated data protection regulations. Also, even if they are minor changes, it is worth being aware of them. The cost of failing to remain compliant is severe, as we’re about to show.
Why Do Business Owners Need To Worry?
You will face harsh penalties if your business isn’t compliant with the laws. You could be forced to pay up two percent of your worldwide turnover or ten million euros. Nope, you don’t get to choose which one. To make matters even worse, you’ll need to cough up whichever is higher. This shows how seriously the EU is now taking data protection. That shouldn’t be particularly surprising. After all, over the last couple of years, big businesses have seen a string of issues with data security.
Who Else Will It Impact?
It’s not just business owners who need to be aware of the changes that the GDPR will bring. Anyone thinking about setting up a startup must be aware of this as well. Customers might want to familiarise themselves with it, while public authorities are also going to feel the burn of the new regulations. Yes, councils, police, and hospitals will all need to ensure they are GDPR compliant. Finally, employees could also be held accountable for breaches that impact the security of data or break the new laws that apply to data gathering.
What’s Changing?
A lot is the short answer to that question. In fact, despite experts claiming the changes are minor, there are over 99 articles in the full GDPR for a business owner to skim. This includes complete information on customers’ new rights and the responsibilities of businesses and public authorities. Among these is the new right customers have to determine what data a company holds. Customers can also now opt out of you storing their data. If you use it, you must tell them what it is used for. You must ask for permission a second time if you use it again for a different purpose. This is just one example of how the law is changing.
You should focus on two significant changes: accountability and data access. Basically, under the GDPR, companies and public authorities will be far more accountable when using the personal information of individuals. This changes everything from how data is processed to the regulatory methods that must be in place. For instance, if you’re running a company with over 250 employees, you need to make sure you have documents showing why data is being collected and how it’s being used.
So, what can you do as a business owner to prepare for the GDPR? While it might seem like overkill, hiring an expert may be worth it. That way, you can ensure that your company is GDPR compliant, and there’s no chance you’ll have to pay that massive fine.