Einstein said "if you can't explain it simply, you don't understand it well enough."
GDPR stands for General Data Protection Regulation. Companies and organisations have to give a lawful reason for holding your data (even if it's just name and email address) and they have to show that they are keeping it safe.
What does this mean for Individuals?
For individuals like us, GDPR is brilliant! If you want any social media platform to delete a photo of you, they have to delete it. Companies will also need clear, deliberate consent before they can email us. In fact, without that consent they can't even store our email addresses. This means no tricks: companies can't even pre-tick the "receive news and updates" box at checkout.
Companies and organisations can be fined up to 4% of their annual turnover or €20 million if they aren't compliant.
Did you know: data protection laws in Europe hadn't been updated since 1998.
This law doesn't affect individuals outside of the EU, but other countries have their own versions. The US has its own privacy model, which isn't that much different.
What does this mean for Organisations?
If you're a company or an organisation, then I wish you all the best. You'll need all the luck you can gather, because there are a lot of rules coming your way.
I've written and re-written this part of the article at least 3 times. It all comes down to one thing: giving people full control over how you use their data.
GDPR gives customers a lot of power by shoving a ton of rules and regulations on companies and organisations.
- Can't use pre-ticked opt-in boxes
- Have to specify how you're going to use the data
- Have to tell people that they can opt-out
Remember when I said GDPR only applies to individuals in Europe? Well, that's only true for individuals. If you're a company, it doesn't matter where you're based: if you have customers in Europe, GDPR applies to you.
So what's the action plan?
GDPR came into effect last month (25th May 2018), but still more than 40% of companies are not compliant. Companies should get in contact with an agency that consults on GDPR compliance and have it audit the whole company. Trust me, the alternative is much more expensive.
The good news is that if you were already compliant (even without knowing it), you don't need to get consent again. If you weren't compliant, you either have to obtain consent again or remove all personal data relating to that individual.
Haven't collected data in the past?
Collecting data like email addresses is harder now, but not impossible. Just make it as easy as possible for your customer/client to know exactly what they're getting themselves into, and make it super-easy for them to opt out if they want to withdraw consent. Simple.