GDPR is the abbreviation of the General Data Protection Regulation. This regulation aims to protect the personal data of EU citizens and to control how companies and institutions process, store and use this data. It therefore applies to companies of all sizes, regardless of where they are based and where they process this information.

Thank you for the comment, Paul. I am sorry to hear that. Have you contacted your own legal department? You may be in a better position to answer your question. There is no difference between personal data about individuals in their private, public or professional roles – the person is the person. Even in a B2B environment, these are individuals who interact with each other and exchange information with each other. Customers in the B2B market are, of course, companies, but the relationships that cover business topics are between people – individuals.

Thank you for your interest. This situation is different in each country, with each Member State designating a supervisory authority and one or more independent authorities responsible for monitoring the application of this Regulation.
Each Member State shall notify the Commission of the provisions of its law adopted pursuant to Chapter 6 of the GDPR (Independent Supervisory Authorities). Each supervisory authority shall be responsible for dealing with a complaint lodged with it, or a possible infringement of this Regulation, where the subject matter concerns only one establishment in its Member State or substantially affects data subjects in its Member State only. The GDPR gives individuals an extensive right to control and access their data. Companies also have a greater responsibility when it comes to data protection. Among the most important changes is the requirement to obtain the explicit and active consent of a person to the processing, storage or use of their data (informing the user is not enough; they must give their consent). It is also necessary to inform the supervisory authorities of personal data breaches within 72 hours of a company becoming aware of the incident. In addition, the GDPR contains new rights such as the right to be forgotten (which allows users to request the deletion of their personal data in certain circumstances: when consent is revoked, when the data is no longer necessary for the purposes for which it was collected, etc.) and the right to portability (which gives users the right to require organizations that store their personal data to provide them with a copy of that data for transfer to another organization).

Hello. Small businesses pay me to promote their businesses on several websites I own. Their details, for example store name, industry and relevant links, are advertised on the websites; I do not store any other information about them or sell their information.
How does the GDPR affect me when I sell an ad to a new customer?

Also, be sure to check with your suppliers. Outsourcing does not relieve you of any responsibility, and you need to make sure they have the right security measures in place. One example is the recent data breach affecting companies that used the third-party survey provider Typeform. Instapaper, Pinterest's "Read it later" service, has informed users that it is temporarily suspending all services in Europe due to GDPR-related issues. This is also the case with the inbox cleaning app Unroll.me, which has also been criticized for its opaque data protection guidelines.

Thank you, Ammar. Maybe you can insert a new form on your website that will only be used for withdrawal requests?

What permissions do I need as a small executive search company that processes a small number of orders per year? First, with regard to CVs of potential candidates that have been submitted to me for the examination of a particular vacancy or, more generally, for the examination of future opportunities. Secondly, in terms of customer/prospect contacts.

Not surprisingly, these fines have sparked controversy because of the impact they could have on SMEs. It can be reassuring to remember that these fines are the worst-case scenarios and that the ICO will take into account mitigating factors such as the severity of the breach and a company's efforts to comply with the GDPR. Information Commissioner Elizabeth Denham also published a blog post reminding businesses that the GDPR provides a number of sanctions to help organizations comply, including warnings, reprimands and remediation orders, and that imposing fines will remain the last resort.
However, financial penalties shouldn't be the only concern for businesses: non-compliance also carries the risk of serious reputational damage, as companies that don't take steps to protect personal data can quickly lose the trust of their customers.

Hello Steven, what happens if my company collects name, email address and other non-personal data (total number of event attendees, number of people needing hotel accommodation, number of people with food allergies)? My company only keeps the digital information and deletes the name and email address. Doesn't this subject us to the GDPR?

Hello, as an IT consulting company, we do not process any personal data, but we have the contact details (e-mail address, telephone number, etc.) of colleagues in client companies in the EU. We do not use their contact details for marketing purposes, but for daily communication about projects and so on. Are we affected by the GDPR?

Hello Steven, thank you for the information on this topic. We are an American company that stores the professional email addresses/phone numbers of employees of our EU customers for contacts related to purchasing and accounting matters. Am I correct in assuming that we do not need to get consent from these people because they are existing customers?

As we have already mentioned, the penalties for non-compliance with these obligations can be very severe. Consumers reasonably expect companies to take care of the personal data they collect and to process that information only for the purposes for which it was collected. The law now better reflects this expectation, and companies risk severe penalties if they do not comply.
Thanks for the comment, Quera! You might be affected by the GDPR, yes, so I recommend talking to your company's legal team or DPO to see exactly how it will affect you.

Excellent article! Short question. If we add an ODA as an addendum to our existing terms and conditions, does this mean non-European (i.e. US) customers receive the same rights granted to them under what the ODA offers? I am trying to determine whether we should separate this document and make it available to EU customers separately. Thx!

Don't keep more information than you need, and delete any data you don't use. If your business has collected a lot of data with no real value, now is the time to consider what data is important to your business. The GDPR promotes more disciplined processing of personal data. Law enforcement monitoring provides an overview of the fines and penalties that EU data protection authorities have reportedly imposed so far. So it's not just small "non-technical" companies that are lagging behind with the GDPR!

Hi Keith, thanks for the good question! I believe the best approach here would be to call each person individually, remind them why you contact them and how you met, and then ask them at the end of each call if they would like to receive news and updates from the company via email.

As of May 25, 2018, the EU GDPR (General Data Protection Regulation) will affect any organization that processes personal data of EU citizens.
A really interesting and insightful blog post.

Tens of thousands of companies around the world are facing a major shift in the way they handle data. Compliance with the GDPR is not easy. It requires detailed planning and collaboration with all the companies in your chain.

Thank you for your interesting article. One question. Does the EU have a plan to determine if a company is GDPR compliant? For example, is there a GDPR lab, or do GDPR compliance auditors review organizations? Or do they just wait for someone to file a GDPR-based complaint? I want to know when I can take legal action against companies that violate the GDPR.

Excellent article. We are a US-based manufacturer that does not sell directly to consumers; we are a contract co-packer/manufacturer that manufactures products for customers residing in the Netherlands. Your products are potentially aimed at EU consumers.