The EU Data Protection Reform was first proposed by the European Commission in January 2012. Its aim was to update regulation so it would be fit for the digital age. In April 2016, the new Regulation and Directive were adopted by the European Parliament, and is set to apply from 25 May 2018 onwards. The GDPR will be applicable to all businesses and organisations that deal with data relating to EU citizens. Despite the Brexit, the UK will also implement the new GDPR.
The GDPR gives consumers more control on what data, and how this data is will be used by businesses and organisations. Under the new GDPR, the definition of personal data will be broadened, and there will be more emphasis on consent. This means that all data that can be deemed to identify someone, is classed as personal data.
GDPR will place extra responsibility on businesses to be clear about what information they hold, where it comes from, who it is shared with, and what they intend to use it for. That requires documenting and recording exactly how data is processed and what permissions exist. This means adapting the ways how data is obtained and used. Be aware that it will also affect your data protection procedures, as they will need to be much stricter.
The new rules also apply to Marketing in the form of mailings. First party marketing applies to existing customers/warm leads, and you need to provide an opt-out message. Third party marketing (cold leads) must have opted-in for the mailing. This will make sourcing of name and address data –with the correct proof of consent- much harder. Entrepreneurs that ship their products cross border within the EU have make sure they revisit their online data policy in order to make it compliant. The implementation of the GDPR will come with big changes in the way your business handles data protection. As it will become effective in May 2018, there is still time to make the necessary changes. Conducting thorough research and getting some professional advice should help you getting your preparations right. For more information we advise you to visit the official website http://www.eugdpr.org.