The General Data Protection Regulation (GDPR) is a new regulation that applies to companies within the EU but will also impact organisations outside of the EU if they offer services to or exchange goods with EU citizens/companies. GDPR requires companies to prove that they have the consumer's consent to hold personal information. This new regulation is designed to give consumers more power to protect their information and more control over who can view it. It will also force companies to be extremely careful when handling personal information, as the fines and penalties for not complying with the new regulations can be very costly.
Internet companies are likely to be the main ones affected, as all their customer interactions take place online and the new regulation will affect each of these. Online casinos and bookmakers will have to pay close attention to how they contact customers and manage their data; practices such as emailing about new signup bonuses without permission will no longer be acceptable. Casinos such as cocasino.ie have taken steps to ensure customers' marketing preferences are clearly recorded and kept at one central and secure location.
What information is being protected and by whom?
The GDPR is responsible for protecting all personal data, but what is personal data? The information being protected is as follows: name, photo, email, home address, bank details, social media posts, medical information, IP addresses, biometrics, racial/ethnic data, political opinions and sexual orientation. All of this information must be protected and managed appropriately, but who is responsible for ensuring the regulations are followed? The companies that currently have personal information must use data controllers to decide the purposes and methods of processing the data as well as to coordinate the operations. There are also data processors involved, which are responsible for processing the data in accordance with the data controller's instructions. Between them, these two parties are responsible for the management of personal data.
Penalties and consequences of breaching GDPR
The new GDPR sets strict rules and regulations that must be followed in order to avoid a financial penalty. If a company does not follow GDPR regulations, it can be fined up to €20 million or 4% of its annual global turnover. This is a big incentive for companies to comply with the regulations, as these fines can have devastating impacts. The consequences are not only financial: the trustworthiness and credibility of the company are at stake when a breach of confidentiality occurs. The new regulations apply from 25th May 2018. Any company found not complying after this date will be putting itself at risk of being fined.
Data protection officers can be employed by companies to reduce the risk of breaching the regulations and to ensure the management of personal data is being carried out correctly. There are certain circumstances when a data protection officer should be employed. These include when dealing with public services, when large-scale systematic monitoring is needed and when a company carries out large-scale processing of personal information.
Preparation and management for the new regulations
Companies must prepare for the new changes to the regulations and ensure everything they do is compliant in order to maintain credibility and avoid being fined. Firstly, companies must understand the requirements that must be met in order for them to be able to process personal information. The most noticeable requirement is the consent of the consumer. This has been highly stressed during the change and has caused companies to send emails to consumers to confirm their consent to accessing and processing their personal information. It also requires companies to clearly state what they will be processing and why, unlike before, where small print and small tick boxes were all that was needed. The only other grounds on which personal data can be processed are public task, vital interests, legal obligation, contract, or legitimate interests of both parties.
There are several ways in which companies can protect themselves and prepare for the changes. Firstly, they can make everyone at the company aware of the changes and ensure the people involved in this role understand what changes with GDPR. This will ensure that everyone at the company is on the same page and will minimise errors when processing personal data. The company will need to document where the information has come from and to record when the information has been used for any purpose. Companies can review their current privacy policy and make any amendments so that it fully complies with the new GDPR regulations. This will allow for transparency with consumers as well as protecting the company. There should also be some form of procedure in place to erase personal data if required; this is part of the new GDPR regulations. These procedures should be updated accordingly to comply with the rules and regulations. Another step companies can take is ensuring their processing policy is lawful and updating the privacy policy, so consumers are aware of the changes. Consent is a hot topic with GDPR, and companies should re-evaluate how they gain permission from consumers and update them on what this means. Another important step that has been introduced with GDPR is child protection. This means that personal data from children, mainly from social networking, should be protected in accordance with the new regulations. Companies should be aware of the international policy: when dealing with international consumers or more than one EU member state, the company must identify the lead data protection supervisory authority and document it. Finally, the company must understand how to identify a breach and what to do when this occurs. This is essential for GDPR, as a breach must be documented and reported to the appropriate body in order to increase security and ensure it does not happen again.
In summary, these are all steps that companies can take to protect themselves under the new GDPR rules and regulations, and if these are all followed correctly there should not be any disputes.
The future of GDPR
The future of GDPR could have major impacts on the economy, as businesses must take extra precautions by hiring more staff to manage data protection and processing. This will increase the costs to the company and could cause item prices to increase and have a major influence on the economy. The future of GDPR is uncertain and will not be clear until there is evidence to support success or failure. To conclude, GDPR is the newest set of rules and regulations that companies must follow when processing personal data, and companies can take several steps to protect themselves against dispute and legal difficulties. It is vitally important that these steps are taken to avoid the penalties and damage to reputation.