Things You Should Know About GDPR
Data collection is a very hot topic nowadays specifically after the Facebook’s Cambridge Analytics Scandal. According to the UK Data Protection ACT 1998, companies should use soft opt in approach when it comes to data collection. Soft Opt in Approach directs to the fact that data collected from users such as email addresses etc. can be used for laying down the basics of marketing communication for any organization. However the new General Data Protection Regulation- GDPR from EU, gives new rules to organization for data collection.
GDPR- Hot Topic Now days:
GDPR follows the current data protection act and ensures that user’s data is not misused and allows people to give their feedback of how companies are using their data. In this way data protection rules become the same throughout EU.
The data protection rules are applicable to all businesses based in EU or doing business in EU. All these companies will have to follow the new regulations if they collect any personal data form EU citizens. The new regulation is no doubt, more difficult and it will also impose fines on companies who mislead it. This system is very important for building trust in emerging digital economy.
Why GDPR was conscripted:
GDPR was drafted to regulate how big company’s especially social media giants are using the personal data of users. GDPR will ensure that the data of user is safe as after the Cambridge Analytica scandal we have realized that user’s data was not safe even with big organizations such as Facebook, Amazon, Google and Twitter too.
Most important things you should know bout GDPR
- The new GDPR System will be operational from 25th May 2018. Till this date all the businesses will have to ready their data.
- Sadly if your organization has come under some data leak issues against the new rules, you have to notify the Information Commissioner’s Office in 72 hours. In this short span of time, you have to give the nature of breach the number of people who are effected through it.
- If companies will not follow these regulations, it will result to penalty.
- If the breech is not reported in 72- Hours, the firm will be fined up to €10 million or 2% of your annual turnover.
- Photos, bank details, social media names, posts and IP addresses come under the umbrella of Personal data.
- If the data of the users is collected, it should be removed if user requests to do so.
- If users asks a company to remove his/her data, he cannot be charge and that data should be removed with in span of 30 days.
- Social Media platforms/ companies who are monitoring and collecting sensitive data form users should appoint Data protection Officer.
- It should be mentioned here that this regulation is also valid outside EU as GDPR is applicable to all companies worldwide who work with personal data of EU citizens. To be compliant it might be sufficient that your customer fills in and submits a simple form via your website.
Due to this new GDPR regulation, Privacy and cookie policies of different websites will be highly effected as now collection of personal data will have to be stated at any cost. Once these regulations make impact, controllers must ensure individual data is processed lawfully, transparently, and for an objective that is particular. When that purpose is satisfied plus the data is no further required, it must be deleted.
This is a very good initiative as previously many times the social media sites misused user’s data. At least for now people would be satisfied that their personal data and credentials are not being misused.