GDPR has come into effect, but there are still many people who do not know what this means for their business. If you are one of these people, there is a lot of information that you need to know about GDPR. This information can help you ensure that you comply with the regulation and continue doing business in the European Union.
What Is GDPR?
GDPR, or the General Data Protection Regulation, is a law in the European Union that came into effect on May 25, 2018. The law was designed to give citizens of the EU greater protection over their personal data. It regulates how data is collected, stored, and used by companies, and it sets strict requirements for companies that handle personal data.
As with all laws, there are penalties if you are found to be in breach of GDPR. The fines are substantial, and you need to be aware of this. Any company that is found not to comply with GDPR will face a fine of 2% of its annual turnover or €10 million. For more serious non-compliance cases, the penalties increase to 4% of the company’s annual turnover or €20 million.
Who Needs To Comply?
While it is important to know what GDPR is and the penalties you can face for non-compliance, you also need to know whether it actually applies to you. You will need to comply with GDPR if you collect any personal data from an EU resident. This is not limited to financial transactions; it also covers data such as email addresses and IP addresses.
What Is Considered Personal Data?
Under GDPR, the classification of personal information is broader than the previous one. According to the regulation, personal information is any information that can be used to identify someone, whether directly or indirectly. This includes standard personal information such as name, address, and date of birth, along with other information that you might not have considered, such as tracking cookies, email addresses, and IP addresses.
Changes To Disclosures And Consent
Some of the biggest changes that companies have to make to stay compliant with GDPR relate to their disclosures and how they obtain consent from residents of the EU. According to the regulation, consent must be clear and explicit. This means that consent must be given voluntarily by the resident and that the disclosure must be specific and informative.
If consent disclosures are ambiguous, the company will not be complying with the regulation. Opting in must be a conscious act: pre-ticked boxes are not allowed, and consent cannot be assumed by default from silence. Additionally, EU residents must be able to withdraw their consent easily at any time.
GDPR is in effect, and you need to ensure that you are compliant. If you are not compliant, you could face heavy fines, which might cripple your business.