GENERAL DATA PROTECTION REGULATION (GDPR)
On 21 October 2013, Civil Liberties MEPs voted on a reform of the then-current EU Data Protection rules which aims to put people back in control of their personal data, enhance and build trust in social media and online shopping, and upgrade the protection of personal data processed by police and judicial authorities. Following years of deliberation and debate on these proposed regulations, the European Parliament gave final approval to the new EU Data Protection legislation on 14th April 2016, and it entered into force 20 days later. The regulation applies uniformly in all EU member states within 2 years of publication, with the official compliance date being 25th May 2018. The implications for business are significant.
Who is GDPR for?
1) Companies that handle the personal data of EU nationals as a core business activity, such as BPOs working for EU-based companies directly or indirectly, or companies that employ EU nationals.
2) Companies that mainly process the personal data of their own employees, or that hold lists of clients and customers based in the EU.
3) eCommerce companies that store the personal data of EU nationals as part of their online business.
What is personal data?
Personal data is any information that relates to an actual living individual. This includes, for instance: name, surname, home address, e-mail address or location data from the map on your mobile. Typically, this would be the case of the personal data you might hold on your employees, your clients or your suppliers.
Determining whether an organization stores such data, directly or indirectly, requires careful analysis, and expertise is needed for this assessment.
Some key principles for GDPR Compliance.
Collect personal data for a clearly defined purpose, and don’t use it for anything else (if you ask your clients for their email so they can receive your new offers or promotions, you can’t use this email for any other purpose or sell it to another business).
Don’t collect more data than you need (if you do home delivery, you need e.g. an address, a name on the buzzer, but you don’t need to know if this person is married or single) – simply be mindful of the personal data under your control.