A place for startup entrepreneurs to meet in Pune
We now live in a global landscape, where data has quickly become a powerful currency. It's not unusual to collect customer data, with Internet automation driving our businesses.
But pre-checked boxes and implied consent won’t matter come May 25, 2018. That's when European Union’s General Data Protection Regulation (GDPR) goes into effect.
GDPR has one simple goal: Empower EU citizens by giving them complete control over their personal data and privacy.
As a company, this move might seem redundant to you. 74% of businesses don’t consider their ‘privacy track record’ as a top issue for consumers when they decide who to do business with.
Nonetheless, 92% of US consumers don't want “their browsing data sold or shared without permission.” 88% of European customers view “data security as the most important factor when choosing where to spend their money.”
Before we delve into how the GDPR will redefine your business, let’s first understand what this directive entails.
What does GDPR involve?
If you have a company (also a public body) that collects, holds, or uses personal data on EU citizens for any business-related purposes, irrespective of company location, you’ll be held responsible for data protection and compliance detailed out in this directive.
So, whether it’s for hotel reservations, marketing, or even advertising, you’ll need to employ GDPR compliance from May 2018.
Even if you’re a third-party service provider processing data to offer goods and services to the EU states. Or monitoring the behavior of data subjects within the EU.
Data subjects, i.e. your customers, have the final authority in companies using their personal data which – according to the GDPR – identifies an individual directly or indirectly.
The individual is at the core of data protection with increased enforcement and tough fines for noncompliance.
Through the GDPR, customers now have the right to be forgotten at will, to know how their data is being used/stored, to be informed in case of any data breach, and to data portability at any point.
73% of privacy professionals see the GDPR as “the single most important advancement in privacy history” in the last 20 years.
What defines personal data?
There are two main categories you need to consider with GDPR compliance:
➢ Personal data
➢ Sensitive personal data
Personal data includes: Name, location data, IP address, cookie data, identification numbers, and RFID Tags.
Whereas sensitive data relates to health, genetics, biometrics, race/ethnicity, sexual orientation, and political preferences.
Per the GDPR, if you process more than 5,000 subjects in any 12-month period, then your company must comply.
Benefits of the GDPR
Challenges of the GDPR
Quick note: If you haven’t introduced GDPR-compliant measures in your business yet, you’re already at a massive disadvantage.
Checklist to becoming a GDPR-compliant data controller or processor:
Wherever you’re in the GDPR execution process, you can use this checklist to review and apply the next steps to develop your data compliance, transfer, and recovery infrastructures.
➢ Determine your position under the GDPR
➢ Conduct risk assessment through data flow gap analysis
➢ Hire a Data Protection Officer
➢ Integrate privacy by design
➢ Review cross-border data flow
➢ Merge data storage wherever possible
➢ Maintain accountability in every personal data processing activity
➢ Employ end-to-end security measures
➢ Approach data compliance proactively
➢ Put consumers first
➢ Be ready for consumers exercising their rights
. . . .
Data is one of the most valuable assets for a business nowadays. Which means data protection goes beyond a legislative activity that strengthens brand and customer relationship.
Yes, you might have to treat every data point as a European one. Hire technical expertise to introduce the overhaul. Spend a fortune to ensure GDPR compliance, internally and externally.
But when you approach the GDPR in a holistic, detailed manner, you can nurture a rewarding bond with consumers based on trust and process.