If you haven’t heard of the upcoming General Data Protection Regulation (GDPR), you need to. Set to apply from 25 May 2018, the GDPR places the responsibility for protecting personal data on the businesses that hold that data.
An initiative of the EU, the GDPR holds a person’s personal data to include any information that identifies them by reference to a “name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person”. This broadens the definition of personal data considerably, meaning that many businesses will need to review their current operations.
There are several rules that must be followed, but among other things businesses will need to:
- Collect data only on a valid legal basis (for example, with the data subject’s consent)
- Be transparent about how data is stored and processed
- Provide the option for data subjects to delete, correct, and export any information in your possession
- Report any breach of personal data to the supervisory authority within 72 hours of becoming aware of it
These rules apply to data collected from anyone in the EU, and they cover businesses outside the EU as well. As such, UK-based businesses need to make sure they are GDPR compliant regardless of Brexit. If you’re planning to keep the data of even one person in the EU, you need to follow the new regulations.
And it certainly pays to do so. The GDPR is backed by high penalties. If you fail to adhere to the regulation, your fines could run up to either 20 million Euros or 4% of your total annual worldwide turnover, whichever is higher.
Compliance with the GDPR is incredibly important, and you should start ensuring that your business meets these new standards before they come into effect next year. Take the time to review how you collect, store, and process personal data to ensure that your business is protected against this risk.