We’re all hearing a lot of talk about GDPR and it’s sounding very scary. But don’t worry, we’re going to give you a brief description. It’s nothing to worry about. It is simply a new regulation that will replace the Data Regulation Act. It is being put in place to protect the personal data of all of us as citizens of the EU.
The Basics – What is GDPR?
GDPR is the EU General Data Protection Regulation which will replace the Data Protection Act (DPA) 1998 in the UK, Data Protection Act 1988 and Data Protection Act (Amended) 2003 in Ireland and the equivalent across the EU Member States.
The General Data Protection Regulation (GDPR) is a new digital privacy regulation being introduced on the 25th of May, 2018. It standardizes a wide range of different privacy legislation across the EU into one central set of regulations that will protect users in all member states. Failure to meet the new regulations could result in a fine.
Simply put, this means companies will now be required to build privacy settings into their digital products and websites, and have them switched on by default. Companies also need to regularly conduct privacy impact assessments, strengthen the way they seek permission to use the data, document the ways they use personal data and improve the way they communicate data breaches.
The GDPR is one of the biggest changes in privacy legislation. The new EU regulation replaces the current, outdated, privacy laws in all EU member states and aims to protect the current privacy of the EU citizen.
How will it affect your business?
As long as you follow the guidelines there will be no problem and you can continue to trade as usual. But not abiding by the new regulations could mean a fine of up to €20 million or 4% of annual turnover, whichever is greater.
You should take two steps within your business:
1. Inform all employees about the new GDPR
2. Make sure all employees are mindful of customer information
Companies affected by GDPR are those which have:
- A presence in an EU country
- No presence in the EU, but process personal data of EU residents
- More than 250 employees
- Fewer than 250 employees, but data processing that impacts the rights and freedoms of data subjects, is not occasional or includes certain types of sensitive personal data
Key Changes
Consent
From May 25th it must be as easy to withdraw consent as it is to give consent. GDPR is strengthening the conditions of consent.
What this means for customers is no more long, boring terms and conditions: T&Cs must be presented in a way that is easy to understand.
Right to Access
Under this change, you now have the right to information on how exactly your data is being processed, where and for what purpose.
And for businesses, this means that you now have to give this information freely.
Right to be forgotten
The right to be forgotten entitles you to have the data holder erase personal data on request.
Increased Territorial – GDPR outside the EU
This effectively means that any company outside of the EU processing data of an EU resident will now have to follow GDPR regulation. This simply means that, as an EU resident, your data is now protected globally. It is one of the biggest changes to the regulations.
Penalties
Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million, which is the maximum fine that can be imposed for the most serious infringements.
How GDPR affects SMS Marketing and Bulk Text
Can I still send customers text messages after GDPR legislation comes into effect?
YES – you can continue to text your customers.
Do I need to get my existing customers to re-opt-in?
No. Most businesses will be able to continue to contact their existing customer base without interruption. If you have previously been messaging your customers then you do not necessarily have to re-request their permission.
Where you can find out more:
https://www.dataprotection.ie/docs/GDPR/1623.htm
https://edubirdie.com/wp-content/uploads/2023/05/preparing-for-the-gdpr.pdf
Saoirse