The General Data Protection Regulation (GDPR) is a legal initiative of the EU. Aiming to protect consumers from unethical or non-transparent use of their personal data. This new regulation will be active from the 25th of May and affects all companies that process data.
So what is all the fuss about?
Firstly GDPR is very complex, with lawyers and regulators themselves unsure of many aspects. For this reason it is expected that there will be a soft honeymoon period at the beginning. What is very clear though is that this time the implications of not complying with GDPR are huge. Imagine that if any customer or even competitor charge you with malpractice, even one complaint, this is enough to bring a penalty of 4% of your global turnover or 20 million euros- whichever is higher. Having this in mind, we should all read carefully the GDPR compliance tips here:
- First of all, GDPR is a matter of corporate culture, not technical issues. In other words, all managers and business owners need to understand that they are not allowed to use any personal information- phone, email etc-. Without the explicit written consent from the consumer. For example, adding random emails to newsletter lists- ones that we might find on Google is clearly prohibited. If the recipient decides to place a complaint about the unauthorized communication, the domino is activated.
- Small companies need to get guidance from a multi-disciplinary team of specialists (technical, legal, marketing). Larger companies are obliged to hire a DPO (data protection officer) that will be responsible for the day-to-day compliance with the law. Companies with over 250 employees that don’t have a DPO are considered non-compliant. Therefore subject to the outrageous penalties we have already mentioned.
- The general idea is that companies have to ask their customers’ consent in order to send them newsletters, SMS or other kind of messages. If consent is not obtained, the user should immediately be removed from any list. Silence or inactivity cannot be considered as consent by any means.
- Also, the user of a website must be informed about the various cookies the webpage sends and to be able to delete them at any time.
- Even users that have given their consent must have a direct, clear and easy way to withdraw it. Sending an email to ask for someone to unsubscribe is not allowed anymore- there must be an easy and simple way.
These are only the key points of GDPR that highlight in a nutshell the urgency and importance of the situation. This is not simply the case of one more time that a regulation is applied but nobody complies and that is deemed ok. This time, things are serious and so are the fines. So, make sure that if you have not already, you have the appropriate guidance and take action.