In today’s digital world, a frightening amount of personal information—banking information, contact lists, our IP address, documents, and social media feeds—is available online. Have we, as consumers, ever wondered how this data is collected, stored, and used? This is why in May 2018, a European privacy regulation called GDPR became mandatory for all businesses dealing with European citizens. As a machine learning services and data entry services provider and a GDPR compliant firm, iTech briefly explains all you need to know about GDPR.
Are all companies GDPR compliant yet?
Dell and Dimension Research came out with surprising facts from their survey of 800 professionals responsible for data protection. It found that 80 percent of those surveyed have little or no idea of what is involved in the GDPR. Months after it became mandatory, 1 in 4 companies still has to work on becoming GDPR compliant. And it is not just smaller businesses but even many tech companies that are trailing in this. It is time to do a fast catch-up if you don’t want to pay hefty amounts.
Many companies beyond Europe, particularly in America and Asia, are setting up compliance programs. Whatever your industry and wherever you are located, here is a summary of what GDPR is, how it can impact your business, and tips for becoming compliant.
GDPR and data capture
On May 25, 2018, the new General Data Protection Regulation or GDPR came into effect. It applies to all businesses that sell to citizens in Europe. It also includes all technical processing companies that process the information on the seller’s behalf. What GDPR means is that customers have more control over their personal data. This data relates to anything about a person: name, photo, email address, bank details, location details, medical information, or computer IP.
This will have a far-reaching impact on how businesses engage with customers. The old opt-out process and implicit consent can no longer be used, as we have already seen with Facebook: the social media giant has had to switch to an opt-in consent process. In the eyes of the law, inaction on the user's part cannot imply that they consent to the capture of their data.
Why businesses must get GDPR compliant
Companies will have to review all their business processes and overhaul their sign-up forms. For example, if you send a newsletter, you will have to prove that the customer explicitly opted in to it. A blanket acceptance will no longer hold good for all user engagement. Also, businesses cannot deny service to customers, for example by making a website inaccessible, because they did not accept the capture of their personal details.
Under the GDPR, individuals have eight fundamental rights
- The right to request access to personal data and know how the business is using it.
- The right to be forgotten is the right to withdraw consent and have their information deleted anytime. The responsibility is solely on the business to remove the data from all parties in the custody chain.
- The right to transfer allows the business to transfer data from one provider to another.
- The right to be informed means the user is told before any data is collected.
- The right to know when the data is collected, with full authority for the user to update the information at any time.
- Individuals also have the right to restrict their data from being shared.
- They have the right to stop the data from being used for any direct marketing activity.
- And most important of all, for any data breach, the users must be informed within 72 hours of the company becoming aware of it. This makes it vital for businesses to implement security checks at every level and implement a notification system as we
Penalties for GDPR violations
The General Data Protection Regulation Bill intends to build trust between consumers and businesses handling their personal data. Any violation can attract hefty penalties on both data controllers and data processors. For severe breaches, fines can go up to 20 million euros or 4 percent of global turnover, whichever is higher. The amount of the penalty varies based on factors such as the steps taken to be GDPR compliant, the severity of the data breach, the mechanism in place to prevent a data breach, etc.
Recognizing the importance of GDPR, iTech has taken all the required steps to be compliant in all our services—data entry outsourcing services, freight audit services, medical insurance verification, and more. Contact us for secure data services.