Published: May 18, 2018
What is GDPR?

On Oct. 6, 2015, the European Union and United States Safe Harbor provisions were ruled invalid by the European Court of Justice. Companies relied on these provisions for the transfer of information between the United States and the European Union/European Economic Area (EU/EEA). Thus, GDPR was enacted in 2017 to align privacy laws across Europe and put EU and EEA citizens in control of their digital data. It went into effect on May 25, 2018.
Who does this impact?

If you think you’re safe from making any changes simply because your business isn’t located in the EU or EEA, you could be mistaken. If you provide goods or services to the EU and EEA or have personal data from or about any of their citizens, you are affected and may need to make adjustments to comply with GDPR.

Personal data is defined as anything that would allow an individual to be directly or indirectly identified, including email, location and a unique identification number, to name a few. GDPR specifically applies to data controllers and data processors, meaning those who determine the purpose of the data (your company) and those who process the data on behalf of the controller (Google Analytics, for example), respectively.
What does this affect?

Frankly, more than you can imagine. Consumers’ personal data can be found in Google Analytics, ad buying platforms including Google AdWords, social media platforms and their corresponding business/ad manager sites, email lists and contact forms, recorded UX sessions, CRM data, e-commerce and loyalty programs, and the list goes on and on.

Citizens of the EU and EEA now have full rights to access, remove and control their own personal data under GDPR. A few of the specific rights laid out in GDPR include:
- Individual Consent — organizations must clearly request consent to use a consumer’s data.
- The Right to Access — organizations must be able to provide individuals with access to their own data and explain how it is used.
- The Right to be Forgotten — consumers have the right to remove their data from a data system.
- Data Breach Notification — consumers have the right to be notified when their personal information has been breached.