The Importance of General Data Protection Regulation
In just under a year’s time, data protection law will change under the General Data Protection Regulation (GDPR), signifying the most important change in data privacy regulation for 20 years. As the set of rules and regulations that governs the use of personal data within the EU, it is of huge importance for the majority of businesses in the region.
All companies and organisations that deal with data relating to EU citizens must comply with the new GDPR. The UK has said that despite Brexit, it will implement the EU’s GDPR anyway. Therefore, it is even more essential that your firm is familiar with the new regulations.
EU data protection reform was first proposed by the European Commission back in January 2012, with the aim of updating the regulation so it is fit for the digital age. In April 2016, the new Regulation and Directive were adopted by the European Parliament, and they are set to apply from 25 May 2018 onwards.
GDPR will apply to many businesses, defined as either controllers or processors. Controllers say how and why personal data is processed; they are subject to legal obligations and liabilities and are required to maintain records of personal data and processing activities. Processors are those who act on behalf of the controllers, but the legal obligations remain with the controller.
Changes to the Regulation
Much of the GDPR is similar to the Data Protection Act (1998), applying to personal data but with a broader definition. All data that can be deemed to identify someone is classed as personal data under the new GDPR. This includes everything from genetic and economic information to IP addresses.
The changes also place more emphasis on consent, putting customers more in control of what data organisations use and how they use it. An increased emphasis on individual rights regarding usage of their personal information means that many businesses will need to adapt how they obtain and use such data.
New transparency and individuals’ rights accommodations may need to be made within your business to ensure everything is covered under the GDPR changes. Whether it’s how you obtain and use information before, during and after arranging business parcel delivery or receiving consent to use such data, you need to be aware of the changes.
Impact for E-Commerce and Online Retailers
All online businesses such as e-commerce sites, online retailers and more will collect and have access to a wide range of customer and employee data. The GDPR will apply to everything from IP addresses to all the details they have when processing orders, such as for payment, parcel delivery and more. HR staff for such companies will also need to act and ensure that the business is compliant when it comes to dealing with employee data.
E-commerce and online retailers will need to think about how to tackle the issue of consent, especially for businesses that offer international parcel delivery to other EU countries. In some cases, it might be easiest and best to appoint either a full or part-time data protection officer to take care of things and ensure your business is compliant. There can be fines and further consequences if your data protection standards are not up to scratch.
How to Prepare
There is still just under a year to get your business compliant with the new GDPR. To be safe, you should begin preparing now, and there are many steps you can start taking. These are some of the most important ones:
- Be aware that the data protection laws will be switching to GDPR (which, given you’ve read this far, you should be).
- Record all personal data you currently hold and obtain in the future, including where it came from and who it is shared with.
- Review and plan how you obtain and document consent.
- Put in place procedures for data breaches.
- Familiarise yourself with the new GDPR laws and procedures, hiring a data protection officer if you feel it necessary.
As long as your business is aware of the new GDPR, develops a plan to remain compliant and gets it in action before 25 May 2018, then it should be able to meet the new changes these data protection measures will introduce.