The General Data Protection Regulation (GDPR) is a new regulation being brought in for companies within the EU, but it will also impact organisations outside of the EU if they offer services to or exchange goods with EU citizens/companies. GDPR is a regulation that requires companies to prove that they have the consumer's consent to holding personal information. This new regulation is designed to give the consumer more power in protecting their information and more control over who can view it. It will also force companies to be extremely careful when handling personal information, as the fines and penalties for not complying with the new regulations can be very costly.
Internet companies are likely to be the main ones affected, as all their customer interactions take place online, and the new regulation will affect each of these. Online casinos and bookmakers will have to pay close attention to how they contact customers and manage their data; practices such as emailing about new signup bonuses without permission will no longer be acceptable. Casinos such as cocasino.ie have taken steps to ensure customers' marketing preferences are clearly recorded and kept in one central and secure location.
What information is being protected and by whom?
The GDPR is responsible for protecting all personal data, but what is personal data? The information being protected is as follows: Name, Photo, Email, Home Address, Bank Details, Social media posts, Medical information, IP Addresses, Biometrics, Racial/Ethnic data, Political Opinions and Sexual orientation. All of this information must be protected and managed appropriately, but who is responsible for ensuring the regulations are followed? The companies that currently have personal information must use data controllers to decide the purposes and methods of processing the data as well as coordinating the operations. There are also data processors involved, who are responsible for processing the data in accordance with the data controller's instructions. Between them, these two parties are responsible for the management of personal data.
Penalties and consequences of breaching GDPR
There are strict rules and regulations with the new GDPR that must be followed in order to avoid a financial penalty. If a company does not follow GDPR regulations, it can be fined up to €20 million or 4% of its annual global turnover. This is a big incentive for companies to comply with the regulations, as these fines can have devastating impacts. The consequences are not only financial: the trustworthiness and credibility of the company are at stake when a breach of confidentiality occurs. The new regulations have been introduced from 25th May 2018. Any company found not complying after this date will be putting itself at risk of being fined.
Data protection officers can be employed by companies to reduce the risk of breaching the regulations and to ensure the management of personal data is being carried out correctly. There are certain circumstances when a data protection officer should be employed. These include when dealing with public services, when large-scale systematic monitoring is needed and when a company carries out large-scale processing of personal information.
Preparation and management for the new regulations
Companies must prepare for the new changes to the regulations and ensure everything they do is compliant in order to maintain credibility and avoid being fined. Firstly, companies must understand the requirements that must be met in order for them to be able to process personal information. The most noticeable requirement is the consent of the consumer. This has been highly stressed during the change and has caused companies to send emails to consumers to confirm their consent to accessing and processing their personal information. It also requires companies to clearly state what they will be processing and why, unlike before, where small print and small tick boxes were all that was needed. The only other grounds on which personal data can be processed are public task, vital interests, legal obligation, contractual grounds, or if both parties have legitimate interests.
The future of GDPR
GDPR could have major impacts on the economy, as businesses must take extra precautions by hiring more staff to manage data protection and processing. This will increase costs to the company and could cause item prices to increase, with a major influence on the economy. The future of GDPR is uncertain and will not be clear until there is evidence to support success or failure. To conclude, GDPR is the newest set of rules and regulations that companies must follow when processing personal data, and companies can take several steps to protect themselves against dispute and legal difficulties. It is vitally important that these steps are taken to avoid the penalties and damage to reputation.