GDPR 101 for Businesses
Written by Sundaresan Sekar - 25 May 2018 - 4 minutes read
This is due to the introduction of GDPR in the European Union.
Having worked with global enterprises to help them stay compliant with GDPR, we at Torus Tech Co LLC wanted to provide a primer for everyone who wants to know more about the implications of GDPR.
Let’s get rolling.
The General Data Protection Regulation (GDPR) is a legal framework that sets the guidelines for the collection and usage of personal information of individuals within the European Union.
It comes into effect today, and it will change the way businesses and organizations use the personal information of their customers (from the EU region).
This was not a surprise for anyone, as businesses were given a generous two years to become GDPR compliant. The European Union formally adopted the policy in April 2016 with an effective date of May 25, 2018.
GDPR gives individuals a lot of control over how their data can be used by businesses and organizations. The new superpower makes businesses answerable to consumers on how they collect their data, where they store it and what it will be used for, and allows customers to request (should we say, demand) that their data be deleted.
In the era of retargeting, this can spell a lot of changes in the way audiences are targeted for marketing campaigns. Any company or organization that has customers or people belonging to the EU on its list must be GDPR compliant.
How does it affect you?
It does not matter if your business or organization has no presence in the EU. When your product/service/website interacts with someone from the EU, it must be GDPR compliant, and users can exercise their GDPR rights to allow or deny your business access to their personal data.
For example, if a user ‘A’ from the EU takes an online class from a company ‘X’ registered in the US or the rest of the world, which has no presence in the EU whatsoever, the company has to be GDPR compliant as it will handle the personal information of a resident of the EU.
If you are from a country outside the EU, you can still learn a great deal from the data privacy laws of GDPR and their implementation, as experts predict many countries will follow suit now that data is becoming the currency of the modern world.
What’s included under Personal Data?
Personal data is defined as any information that can be used to identify an individual directly or indirectly.
It includes information related to name, social IDs, photographs, location, education, work, mobile number, banking, health data, etc.
GDPR is very powerful and comprehensive, as it also includes common online identifiers like device IDs and IP addresses under personal data.
Another interesting aspect to note is GDPR’s incentives for controllers who pseudonymize data.
The GDPR defines pseudonymization as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.”
Pseudonymized data can be restored to its original state by adding back that additional information, which then allows individuals to be re-identified.
Pseudonymization can be done by either data masking or data encryption.
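The definition quoted above can be shown in a few lines. This is an added example, not code from the article or from Torus Tech: it replaces personal fields with keyed HMAC-SHA256 tokens (a tokenization approach chosen here for illustration; the article names only masking and encryption) and keeps the token-to-value table, the "additional information", in a separate `vault`. The field names and sample records are constructed.

```python
import hashlib
import hmac
import secrets

# Fields treated as personal data in this constructed example; the article
# lists names, IP addresses and device IDs among personal data.
PERSONAL_FIELDS = ("name", "email", "ip", "device_id")

def make_token(key, field, value):
    """Keyed, deterministic token: equal inputs give equal tokens, so
    pseudonymized records can still be joined or counted per person."""
    msg = f"{field}\x00{value}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:20]

def pseudonymize(record, key, vault):
    """Return a copy with personal fields tokenized; originals go to vault."""
    out = {}
    for field, value in record.items():
        if field in PERSONAL_FIELDS:
            token = make_token(key, field, value)
            vault[token] = value   # the "additional information"
            out[field] = token
        else:
            out[field] = value
    return out

def reidentify(record, vault):
    """Restore original values; tokens missing from vault stay as tokens."""
    return {f: vault.get(v, v) if f in PERSONAL_FIELDS else v
            for f, v in record.items()}

# Constructed sample records (documentation IP ranges, example.com address).
SAMPLE = [
    {"name": "Alice Example", "email": "alice@example.com",
     "ip": "203.0.113.7", "device_id": "dev-001", "course": "SQL basics"},
    {"name": "Alice Example", "email": "alice@example.com",
     "ip": "198.51.100.9", "device_id": "dev-001", "course": "Python 101"},
]

def demo():
    key = secrets.token_bytes(32)   # stored apart from the data set
    vault = {}                      # stored apart from the data set
    safe = [pseudonymize(r, key, vault) for r in SAMPLE]
    return safe, vault

if __name__ == "__main__":
    safe, vault = demo()
    print(safe[0])                  # what an analytics team would see
    print(reidentify(safe[0], vault))
```

Whoever holds only the tokenized records can still see that both rows belong to the same person, but cannot name that person without the vault; the key and the vault therefore need tighter access control than the data set itself.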
How can you as a consumer exercise your new powers?
A strong seven-letter word is the answer to the question.
If you are from the EU, the businesses and organizations that would like to interact with you will reach out to you through emails or through their website to seek your consent to collect and process your personal data in compliance with GDPR.
As mentioned earlier in the article, you now have the right to check what they collect, how they collect it and what they use it for, and even to stop giving them access to your data by asking them to delete it altogether.
For starters, you can know all your rights and how to exercise them by going through the official FAQs here.
How are brands reacting to GDPR?
Companies can choose between having dual data policies in place (one for the EU and one for the rest of the world) or following GDPR compliance for everybody, irrespective of where they are from.
This will have a big impact on companies that provide a service for free by making use of your data for advertising (does this ring a bell?) and targeting purposes, as users can now control how their data is used.
Microsoft has announced that it would extend the rights provided by GDPR to all its consumers worldwide, keeping its privacy and data policies consistent across the globe. It has also created a privacy dashboard that allows people to review settings, delete data, and download information that's held about them.
Are you looking to understand the best practices adopted by the industry leaders when it comes to GDPR? Book a free consultation with us and we will be happy to create a tailor-made GDPR compliance plan for your business.
Do you have any questions related to GDPR? Ask them in the comments and we will answer them.