Global Data Protection Regulation: What is it and why should you care?

Any business with a customer or client base will be holding data about those people, whether it’s a big CRM system with thousands of files recording everything from date of birth to how many kids someone has and in-depth financial information, or a local shop with a Mailchimp list of first names and email addresses. The GDPR was put into place by the EU to protect people’s private information and comes into play as of May 2018. It’s essentially the set of rules that businesses need to follow in regard to the rights of those whose data you hold, and the processes to follow in case a breach does occur. The law relates to data belonging to people from within the EU, and applies to Australian businesses that are holding this data. In essence, if you are selling to a global customer base, you need to listen up.

The GDPR rules in a nutshell:

  1. You must make authorities aware of a breach within 72 hours of it occurring, if it is likely to “result in a risk for the rights and freedoms of individuals”, and notify the clients within 30 days.
  2. Clients can ask about their data. They have a right to know what you’re holding and how it’s being used, and why. If they want a copy of the data then you’re obligated to provide that, at no cost.
  3. Consent for you to collect data can be revoked. At any time, a person can ask you to delete all files and stop using them.
  4. Once your client receives their data, they can pass it on to whomever else they like.
  5. By law, you must have a system that is designed around privacy.

Things to note about GDPR:

  1. If you’re dealing with any businesses in the EU, be particularly mindful of the above. They take GDPR very seriously.
  2. Small businesses in Australia may be exempt from some of the rules. Having said that, it’s still smart to follow them. Cover yourself and your clients.
  3. Data protection isn’t a simple process. Get the help of a professional IT consultant to advise you on what systems to put into place.

The consequence of not complying with the GDPR rules can be hefty fines, at the very least. The bottom line here is that every business needs top-notch security put in place for all their IT systems.