Unless you’ve been living on a remote island with no internet access, you’ll be aware of the ever-increasing discussion of privacy and data security, largely fuelled by the looming deadline set by the European Union to become fully compliant with the GDPR by May 25, 2018.
So, what is the GDPR? How will it impact your business and your customers?
The General Data Protection Regulation was designed to harmonise data privacy laws across Europe, to protect and empower the data privacy of all EU citizens, and to reshape the way organisations across the region approach data privacy. Updates to the GDPR were announced in 2016 with a series of reforms modernising data protection rules across the EU. It will make companies accountable and strengthen consumer rights so that people can better understand how companies track and use data about them.
This is a sign of the times and an indication of the direction that we’re all heading. It is safe to say we can expect that more regions (including Australia) will follow suit with similar reforms, sooner rather than later.
When we use our data well, we reap the benefits of a clearer understanding of our customers, improved targeting, reduced wastage and increased predictive opportunities. However, if companies want to make use of this information they also need to ensure their organisation and customers’ data is safe and secure.
Few clients in Australia will be directly operating across the EU, though many are part of global organisations that will be impacted. Regardless, it’s important that all digital companies are aware of the changes and how they could potentially impact your business.
Key considerations from the GDPR are:
- Any company that works with information relating to EU citizens will need to comply.
- The requirements extend offshore – in the past many companies have avoided data protection requirements because their data centres are housed offshore. This is no longer acceptable: if you manage and store data of EU citizens, you need to be compliant.
- The GDPR redefines what is deemed personal data – any data that can be used to identify an individual is now classified as ‘Personal Data’. This extends down to a user’s IP address.
- Public authorities will require a ‘Data Protection Officer’ for systematic monitoring and reporting.
- Organisations need to use simpler, clearer language to inform their customers what is actually tracked and what the data will be used for.
- Companies dealing with high-risk data will need to conduct a PIA (privacy impact assessment).
- Any breaches will need to be reported to the relevant local authority within 72 hours.
- Clients must be able to facilitate ‘The right to be forgotten’.
- If companies fail to be compliant they risk a fine of up to 20 million EUR or 4% of global revenue (whichever is higher).
So does the GDPR affect me?
Whether or not your company will be directly affected by the changes in European legislation will come down to individual circumstances: Are you a global organisation? Who are your customers? Do you directly target or market to individuals located in the EU? Even if you’re not directly impacted, now is the time to start considering how you handle your data. Privacy and data protection laws and requirements are only going to be scrutinised further. We’re navigating new frontiers with ever-increasing volumes of data generated by the Internet of Things (IoT) and the growing use of data and cloud services. Meanwhile, it seems almost every other day there is news of a major data breach or an act of digital terrorism. Regardless of where you are based, now is the time to act and ensure that your organisation is in full control of its data.
Begin by asking yourself a few questions:
- Where is personal data stored?
- How secure is it?
- Who has control of this data?
- Is the data shared?
- Do you hold data of EU residents?
- Do you use analytics systems to track behaviour?
- Do you log or store any data about your customers such as unique identifiers or IP addresses?
If you can’t confidently answer these questions, then you need to start considering how the GDPR (or similar legislation locally) might affect your business.
If you want to learn more about what the GDPR means for your business and ensure that your analytics configuration is not putting your business at risk, reach out to your Columbus Account Manager to see how we can help you.