What is GDPR? And How Does It Protect Your Data!
In this modern era, the internet has dramatically changed the way we communicate with each other and how we handle our daily tasks. We send emails, share documents, pay bills and purchase goods by entering our personal details online without giving it a second thought. Have you ever wondered how much personal data you have shared to date? Or what happens to that personal information? This is the question that has been raised and answered by the EU, and from there a new European privacy regulation called GDPR came into force and permanently changed the way businesses collect, store and process customer data!
So, what is GDPR?
GDPR stands for Global Data Protection Regulation, which has been implemented in all local privacy laws across the entire EU region. This law applies to all companies that sell and store personal information about citizens in Europe. Hence, companies that collect data on citizens in European Union (EU) countries need to comply with the strict new rules of the GDPR, which are geared towards customer data protection.
What Is Considered Personal Data Under GDPR?
Under the GDPR directive, personal data is any piece of information that relates to an identifiable person, including:
- Email address
- Bank details
- Location details
- Computer IP address
- Health and genetic data
- Social media profiles
- Biometric data
- Racial or ethnic data
- Cookie data and RFID tags
Why Has GDPR Been Drafted?
The EU wanted to give users more power over the use of their personal data, considering the fact that companies such as Facebook and Google have exchanged access to people’s data for the use of their products and services. This law was enacted before the internet and technology had generated numerous and different ways to exploit the data. The European Union aims to boost trust in the evolving digital economy by implementing and improving data protection regulations, along with stronger compliance measures.
Secondly, the EU would like to give businesses and companies an easier, clearer legal framework in which to operate, making the regulations on database security consistent across the single market. For instance, the EU estimates that it will help organizations save EUR 2.3 billion a year.
What are the basic rights of an individual under GDPR?
Under the GDPR, individuals can exercise:
- The Right To Be Informed
Under GDPR, individuals have the right to be informed about the collection and use of their personal data.
- The Right Of Access
Under GDPR, individuals have the right to know whether data pertaining to them is being processed.
- The Right To Rectification
Under GDPR, individuals can ask data controllers or companies to erase or rectify inaccurate or incomplete data.
- The Right To Erasure
Under GDPR, individuals have the right to ask you to delete their personal data if the data has been processed unlawfully.
- The Right To Restrict Processing
Under GDPR, individuals can ask you to restrict the processing of their personal data if they believe that the data is not accurate.
- The Right To Data Portability
Under GDPR, individuals have the right to request that a data controller transmit their data directly to another controller.
- The Right To Object To Processing
Under GDPR, individuals have the right to object to the processing of their data when it is used for direct marketing, including profiling.
- The Right Not To Be Evaluated Based On Automated Decision Making And Profiling
Under GDPR, individuals have the right not to be subject to a decision that depends entirely on automated processing and that significantly affects them.
What happens if companies and businesses don’t comply with the GDPR?
The EU regulation imposes heavy fines on entities in the public and private sectors that violate its terms and conditions. For example, authorities may fine companies up to EUR 20 million for non-compliance or up to 4% of their annual global turnover (revenue), whichever is greater.
What Impact Does GDPR Have on Customer Engagement?
GDPR has changed many things, especially for companies: for example, the way your sales team prospects or the way marketing activities are managed. Companies will have to review their various business processes, applications and forms to be compliant with double opt-in rules and email marketing best practices.
Organizations will have to prove that consent was given in a case where the individual objects to receiving the communication. In short, any database that is held must have a trail that is time-stamped and reports exactly what the contact opted in to and how. If you are purchasing marketing lists, you and your organization are still responsible for getting the right information, even when a vendor or outsourced party was responsible for gathering the data.