The forthcoming General Data Protection Regulation (GDPR) is a hot topic at the moment, and that's not surprising. After all, it's the most significant change to data protection law in several years, and it brings heavy penalties for companies that break the rules. Only time will tell just how strictly the rules are enforced, but the legislation is set up in such a way that if you do get caught out, you're in a lot of trouble.
One of the big problems with the GDPR is that a lot of people don't understand what it covers and what they need to do to make sure they're in full compliance. That's why we've done the hard work for you by bringing everything you need to know together into a single blog post. So if you're not quite sure what the deal is, don't worry. Read on to find out the five most important things you need to know about GDPR.
1. It comes into effect soon
The deadline for GDPR compliance is Friday 25th May 2018, and any company that's not in full compliance after that date could find itself on the receiving end of some steep penalties, including massive fines. It's likely that some lenience will be shown during the early days of the new regulations, especially if companies can prove that they're already taking steps to bring themselves into full compliance. But it's better to make sure that you're not breaking the law in the first place.
Honestly, if you haven't started on the path to compliance then it's probably too late to bring your company fully in line by the time that the deadline passes. That doesn't mean you shouldn't try, though.
2. It has massive penalties
The GDPR has two different tiers of fine that you can be subjected to, but either way it's better to avoid them altogether. The lower tier is up to €10 million or 2% of the company's annual global turnover, while the higher tier is up to €20 million or 4% of annual global turnover. And of course, in each case it's whichever of the two figures is higher.
These penalties are much more severe than the penalties attached to previous legislation, and there's a reason for that. Older laws have failed to keep up with the amount of data that we create and the importance that we place on it. Data is now a more valuable commodity than oil. It's no wonder that the fines for non-compliance are so high.
3. It holds true across the world
Many people seem to think that they'll get away with non-compliance because they're not physically located in the European Union. After all, it's EU legislation and it covers EU citizens. But the companies that believe this will be the ones that find themselves with an unexpected fine that could cripple their business.
That's because the GDPR applies to any business that processes the personal data of EU citizens, regardless of where those businesses are physically located. So if your website allows EU visitors to create accounts or if you ship products and process payments internationally, you're covered by the GDPR and you need to make sure that you're in compliance.
4. It's topical
Let's face it, data and the way that companies are allowed to use it are hot topics at the moment, thanks in part to the Cambridge Analytica scandal that's currently rocking Facebook. If personal data can be used to sway elections then it's no surprise that the use and storage of personal data is under more scrutiny than ever.
In fact, while the fines for GDPR non-compliance can be devastating, and enough to kill a company outright, the damage to your reputation could be just as bad. Nobody's going to want to work with you or buy from you if they think you're not going to keep their data secure, and you're sure to hit the news if you're one of the first companies to be fined.
5. It's for the common good
At the end of the day, new regulations like these are only being developed in the first place because it's in the best interests of the general public. GDPR is designed to protect people's privacy and not just to cause inconvenience to digital marketers. Sure, it might seem like an inconvenience to make sure that your approach to data collection and data processing is up to date, but you're not just doing it for yourself. You're doing it to protect your customers.
When you look at it like that, GDPR compliance is a no-brainer. After all, it's difficult to overstate how important it is to put customers first in today's digital landscape. GDPR is designed to give consumers more control over their data and to make it easier than ever before for them to stand up to abuse and misuse by big companies. Ultimately, the changes it's ushering in are for the good of all of us, which means that if you're handling customers' data, you have a moral responsibility to treat it responsibly.
By now, you should have a good idea of what GDPR is and how it might affect you. The next step is to make sure that you're in full compliance, whether that involves bringing in an external agency to help out or dramatically redeveloping your own internal policies.
The good news is that by taking steps now, you can save yourself a lot of trouble down the line. Even if you ignore the risk of being fined, there's still the potential damage to your company's reputation if you're exposed as being in breach of the GDPR. Not to mention the fact that if it's your department that gets it wrong, someone's going to find themselves looking for a new job.
Ultimately, if this article does nothing else, we hope it acts as a reminder that GDPR is coming and that if you're not prepared for it, it's going to cost you a lot of money. Honestly, it's not worth the risk of non-compliance. And if you fail to update your systems and get penalized, don't say we didn't warn you. Good luck.