ENSix months ago on May 25, the new GDPR privacy law was introduced. After an overload of information prior to the GDPR, it is surprisingly quiet after the introduction. The fear of the high fines and that companies would perish under GDPR seems to have faded over time. Or not? Do you know all the rules and do companies really follow them?
The General Data Protection Regulation (GDPR) was set up to ensure better protection of the personal data of EU citizens. It applies to any organization that collects personal data, even if you store the name of a customer.
Where are we now?
Just because you don’t hear much about it anymore, doesn’t mean it’s no longer there. In fact, it is just as important to keep up to date with GDPR now as it was six months ago. Since the official introduction of the GDPR, the European privacy authorities have received no less than 18,000 reports of data leaks.
Research by TrustArc showed that only 20% of companies surveyed are fully GDPR compliant whereas 27% think they are compliant. In addition, it turns out that people are also not aware of their rights.
For example, did you know that, as a customer, you have the “right to be forgotten”. It means a company has to delete all the data they gathered about you, if you request it. You also have a right to have less data processed. Moreover, companies are obliged to report data leaks to their national authority.
In which cases is personal data collected?
Despite the overflow of information prior to the GDPR, a lot of companies are still unaware of what it actually entails, and how you collect personal data.
Did you know that as a company that sends out a newsletter or use a contact form on your website, you are already collecting a plenty of personal data? You store and process names and email addresses of the readers which can cause problems if you do not clearly indicate what happens with this data.
You also collect data if, for example, you have a live chat on your website that directly asks for personal data. People must explicitly give permission to allow the collection of this data. A good example is our live chat (bottom right). You can use this directly without having to enter any personal data, making it GDPR-compliant. Furthermore, you can think of an app that uses voice recording or fingerprint which is also a form of collecting personal information.
Also have a look at our infographic about the GDPR for a compact overview of the GDPR.
What happens if I do not comply with the GDPR rules?
Under the GDPR, each Member State of the EU has its own national Data Protection Authority. Here citizens or companies can report data leaks or file a complaint if their privacy is not guaranteed.
Although you may not have received any complaints yet, it is still recommended to look into getting GDPR-ready. You can face high fines for not handling personal data carefully if, for example, you don’t have a data processing agreement or privacy policy. These fines can add up to as much as 20 million euros or 4% of the worldwide annual turnover.
Half a year after the introduction of the GDPR, it is certainly still relevant to keep the GDPR in mind. Interested in how you can store your company files in a GDPR-ready way? Continue to our infographic about the GDPR.