What is GDPR?
GDPR stands for General Data Protection Regulation, a new set of data privacy laws that goes into effect on May 25, 2018 throughout the EU. It aims to give EU citizens more control over their private data by forcing companies to be more transparent about what information they collect and what they do with it, and to implement data collection consent forms. This means that companies may no longer have vaguely worded Terms of Service agreements and must recognize new forms of data, and customers must opt in to allow companies to collect their data.
Whom does it affect?
GDPR affects every business within the EU as well as those that do business in it. So, for example, if your business is located in the US but you have customers in the EU, you must still comply with GDPR for that market. This is why major companies throughout the US and abroad have been double and triple checking that they're ready.
What are some essential things to know?
You can visit the Information Commissioner's Office (ICO) to see a full list of what to expect and how to prepare, but here are some of the major takeaways:
- Beefing up security is a must since data breaches will be taken much more seriously. Companies that experience a data breach must report it to the ICO within 72 hours.
- "Personal data" has been redefined to include photos, bank details, social media names and posts, medical information and IP addresses.
- Companies must give customers more detailed descriptions of the purpose of data collection.
- Customers are now allowed to ask companies for access to their collected data, and companies must comply. Customers are also allowed to tell companies to completely erase all data collected on them.
What are the GDPR penalties?
Punishments are very severe, which is why small businesses must be aware and prepared. Any organization in violation of GDPR laws will be fined $24.6 million OR 4% of their annual global turnover -- whichever is bigger.
The stakes have never been higher when it comes to ensuring data protection compliance. There are sure to be companies caught in the proverbial net, facing penalties during this transition; don't be one of them! R4 Services specializes in data protection and file destruction to ensure compliance. We have a brand-new state-of-the-art hard drive shredder as well as bulk paper shredding services, available both onsite and off, for your business. If you have customers in the EU, it's imperative to comply with the new privacy regulations, so give us a call to securely destroy unnecessary files. Even if you don't have customers in the EU, it's not hard to imagine that similar laws may make their way to the US soon, so get informed!