If you do business in Europe or have business dealings with any European organisation, then by now GDPR (General Data Protection Regulation) should be on your radar.
Next year, specifically on 25 May, a new European directive comes into force which will change the face of data protection forever and therefore the way that data processes and marketing operate. Amongst other things, GDPR requires organisations to:
- obtain consent for the collection of personal data, i.e. consumers will have to opt in to receive marketing. This will replace the current opt-out model;
- delete data if the individual revokes their consent;
- ensure that the data held is accurate and is kept up to date, with every reasonable step taken to meet that requirement;
- notify the relevant data protection authority of data breaches within 72 hours of learning about the breach.
With fewer than 330 days to go until the new legislation becomes law, the media is having a field day.
Every few hours a new report surfaces about how ill-prepared organisations are and, worse, how they are burying their heads in the sand. Reports from data protection specialists suggest that larger firms have more of a handle on compliance requirements, whilst startups and SMEs are lagging behind. Ultimately, however, what counts is that by the end of May 2018 organisations must be compliant or risk being fined up to 4 per cent of their global turnover, which would result in bankruptcy for many of them.
What are your experiences of GDPR? Have you heard of it? Is your organisation on the road to compliance? Do you think there is enough support to become compliant?