What is GDPR?

GDPR was introduced to give consumers greater protection online; it requires organisations to protect the data of anyone it collects data from online who lives in the EU. This is why you may have noticed an increase of “agree” buttons as you browse online.

What do I have to do?

You just need to be transparent with prospects, customers and visitors about how their personal data is processed, and if they ask to be removed from your system, you must do so completely.

Though it may seem like a lot of hassle, it sounds more difficult to implement than it is, and it increases trust between you and your customers, not to mention that it also protects you, if you are an EU citizen.

GDPR Rights

GDPR gives individuals eight basic rights:

  • The right to access – this means you need to be able to show someone what data you hold and tell them how you use it, should they ask, free of charge.
  • The right to be forgotten – if someone is no longer a customer of yours or they tell you they don’t want you to store their data, you must delete it.
  • The right to data portability – people have a right to transfer their data from one service provider to another.
  • The right to be informed – you must tell them that you are going to gather their information and they must opt-in. It cannot be implied.
  • The right to have information corrected – if it’s wrong, you must change it.
  • The right to restrict processing – they can tell you not to use their data.
  • The right to object – if someone tells you to stop processing their data you must do so immediately. They need to be aware you are going to process their information.
  • The right to be notified – if there has been a data breach where data has been compromised you must notify them within 72 hours.

How do I implement GDPR?

For some small businesses you will have very little to do, but if you’re a larger company storing data or working with a CRM you’ll need to take measures to ensure you are compliant. The answer to this question varies greatly, but there is fantastic article you can read here that goes very in-depth into all the legal nuances of GDPR.