If you’re wondering why GDPR has been flooding your inbox, the short answer is that you need to know what it is. In fact, negligence toward the new regulation may cost millions, even hundreds of millions of dollars!
GDPR, short for General Data Protection Regulation, is a new regulation in European Union (EU) law that gives people unprecedented control over the data they share with companies & businesses. Old data protection laws had become obsolete, as they were written before companies like Facebook & Google stored massive amounts of sensitive information. The GDPR now requires greater clarity and justification of the need for sensitive information and personal data. Simply put, businesses must tell you why they need things like your company name, or even your phone number, without the confusing check boxes and terms of service.
So, what exactly counts as personal data under GDPR? Personal data is any data that identifies you, such as:
- Phone Number
- Location Data
- IP Address
- Sexual Orientation
- Health Data
- Political Standpoint
So why should this matter to you? Many companies outside of the EU that hold data from European consumers now fall under GDPR rules. Transparency is emphasized in this new regulation; hiding important digital information, such as a change in policy or a breach, is prohibited. In some cases, companies must ask their clients for permission again even to continue emailing them. Stricter laws now mean that, for example, in the case of a massive security breach, companies must send you a notice of the breach within 3 days. Another impact of this new regulation is that people now have the option to see their own personal data in case of curiosity or worry, and in most cases can even demand to be “erased from the system.” Companies that don’t comply with the GDPR may be fined up to 20 million euros ($24 million), or 4% of their global annual turnover, whichever is larger.
Here are some steps for GDPR compliance:
1) Understanding the GDPR as a necessary regulation is key. Take time to understand the regulation and any actions needed. This will vary from case to case.
2) Sort the data you already have into GDPR-risk and no-risk categories. Be sure to take into account any other risks, whether they are GDPR related or not. KNOW YOUR DATA!
3) The data with GDPR compliance risk must be attended to immediately. Classify the data that falls under this category and plan what to do with it.
4) Be careful. It’s better to be safe than sorry. Consider sending subscription confirmation emails to your entire email marketing list, regardless of how that list was obtained.
The question still remains, however: how important is this? Well, no one really knows how the GDPR’s impact will turn out in 5, 10, or 15 years. However, after data breach scandals, the world has taken notice that times are changing and is now set to adjust. For example, when the Cambridge Analytica scandal saw millions of Facebook users’ personal data stored and used without their consent, the notion that old data protection laws were outdated was bolstered. Ultimately, the GDPR can be seen as a spark for a safer digital world, and the start of much more.
Thanks for reading!