GDPR Countdown What happens if I don’t comply?
If you’re thinking that GDPR won’t affect you then you might need to think again. Regardless of where your organization is based, if you do business with any EC citizens you will need to comply...
The European Union’s (EU) General Data Protection Regulation (GDPR) becomes law on 25th May 2018 and is the EU’s answer to data protection for the modern day, affecting anyone processing and holding data on EC citizens. Doing nothing to comply may not have any impact in the short term, but down the line it could seriously affect your business.

What is GDPR?

As technology has developed, it’s long been recognised that previous data protection legislation was no longer fit for purpose. GDPR looks to return ownership of all personal data to the individual so they can control who can hold their data, where it is stored and how it is processed. It also gives an individual the right to have any data erased if they wish. The recent data security breach at Facebook, implicating Cambridge Analytica, is a prime example of the type of scenario the legislation is designed to protect against.

What’s needed for GDPR compliance?

For business, this is the biggest marketing and compliance challenge organizations have faced for some time. There are strict requirements to abide by and anyone not happy with how you use their data can make a complaint to the regulatory body.

The main areas GDPR looks to address are:

Data Protection – data of EC citizens must be held securely, and it must remain within the EU or a few other approved countries, including Switzerland but excluding the US and Australia
Consent – individuals need to have given you explicit consent to be contacted with your marketing
Data Portability – the personal data you hold must be made available to the citizen if they request it
Right to Erasure – the individual can request to have their data deleted and you will have to comply
Data Breaches – there are strict rules for reporting any data breaches that may occur
Fines and Sanctions – if you don’t comply you could be faced with a big fine, up to 20m Euros or 4% of global revenues, whichever is higher

Data security consciousness

As with the Facebook breach, you don’t have to look too far to find stories of questionable data protection activity. This, along with an increase in cybercrime, creates heightened awareness of data security. Already there is a move away from social media and people are increasingly cautious about who they give their personal data to. Most of us will have received emails already from organizations seeking our consent to continue being mailed. As awareness spreads, more and more people will look to make sure the organizations they put their faith in are compliant. Failure to adopt the regulation is likely to leave your business isolated as you can be sure that your competitors will seize the opportunity and leap ahead by promoting their compliance.

What should I do to comply?

First, you’ll want to check that the data you hold is being stored and accessed in compliance with GDPR. The data cannot leave the EU at any stage and access needs to be restricted to just the people who need it to do their jobs. If you are using any external systems, for example, for your HR, accounting or CRM, you should check these are compliant and that the data

86 / Issue 15

@ReallySimpleSys
Helen Armour, Head of Marketing, Really Simple Systems CRM. Helen came to the world of CRM three years ago, having spent most of her career in the travel and leisure industry. Understanding the issues that GDPR brings for marketers worldwide, Helen and the team at Really Simple Systems have looked for solutions to help small businesses comply with the legislation by publishing guides and developing marketing compliance features in their CRM.
XU Magazine - the independent magazine for Xero users, by Xero users. Find us online at: xumagazine.com