In keeping with this year’s Data Privacy Day theme, "Respecting Privacy, Safeguarding Data and Enabling Trust," the General Data Protection Regulation (GDPR) takes center stage in reminding both organizations and individuals of the importance of data privacy. Since all organizations come under the scope of the GDPR, small to medium businesses (SMBs), or companies with fewer than 250 employees and an annual turnover not exceeding EUR 50 million, also need to fully understand the components and stipulations around their data protection practices.
Data privacy is more relevant than ever with the fulfillment of the GDPR, which requires companies to give more serious thought to preparing for the budget, compliance, and other necessary adjustments. In fact, on January 10, the EU Commission published a package of documents covering the European Data Economy, data protection, and e-privacy. The package incorporates new provisions and proposals that are purposely aligned with the GDPR. This denotes the increasing urgency for businesses to comply.
The GDPR applies to all organizations, regardless of location or size, where their processing activities are related to the offering of goods or services to individuals in the EU, or to the monitoring of individuals' behavior that takes place within the EU. SMBs, however, are allowed some exceptions, such as for maintaining a record of processing activities, and EU Member States can determine if SMBs should designate a Data Protection Officer (DPO). While the GDPR will have serious implications for data governance, companies that can adapt quickly will be able to take advantage of the certainty it brings to the protection of data transfers and collection.
While the core principles already exist under current data protection law, the GDPR seeks to reinforce the processing of personal data in a lawful, fair, and transparent manner in relation to the individual. This is meant to expand territorial scope, increase compliance, and broaden regulatory powers. Here are some significant individual rights under the GDPR that could impact your business and essentially provide your customers with better data privacy:
The right to information and transparency
The GDPR—which replaces the 1995 Data Protection Directive (95/46/EC) when it takes effect in May 2018—stresses that the rights of the individual, or your customer, will allow them to have more control over their personal data. This means that it will apply to all social media and e-commerce sites, as the 1995 Directive predates these modern digital platforms. Though the liability on SMBs is less because of the smaller risk they pose, they are still expected to maintain the simplicity and efficiency of their data processes.
If, for example, you own a small online retail shop and collect customer information, now is the best time to consider whether the type of data you collect is necessary or relevant to run your business—because data protection authorities (DPAs) will check the purpose of the data you store.
What you can do: The way you handle your data must also be more transparent so your customers can fully and plainly understand what they are getting into, especially when it comes to areas where they can opt in. If you need to retain your customer’s address as a reference for current and future deliveries, let your customers know. Under this right, the GDPR will standardize some form of streamlined communication for both the organization and its customer.