Privacy and Protection – What you need to know about the GDPR
Does your company deal with data from individuals or companies in the European Union (EU)? If so, read on.
Data is everywhere – and at the heart of almost every business. Yet recent data breaches have meant heightened security concerns.
Here in South Africa we are familiar with the impending PoPI Act. But if you have clients that are European Citizens, or based in the EU you’ll also have to navigate a new piece of legislation: GDPR (the General Data Protection Regulation).
The GDPR: a 5-second overview
At core, The General Data Protection Regulation (or GDPR) is about safeguarding the privacy of individuals and companies in the EU, and reflects the implementation of the Digital Single Market Strategy.
What will the GDPR do?
The GDPR will place new rules on companies that deal with EU residents. It will also apply to companies that collect or analyse data tied to EU residents, no matter where they are located.
To do this, the GDPR establishes global requirements governing how companies manage and protect personal data – and respect individual choice. Importantly, it is a law that will apply no matter where the relevant data is sent, processed, or stored.
When is it due to take effect?
The GDPR comes into effect on 25 May 2018.
What will the impacts be?
Depending on what data a company holds, the GDPR may mean a number of changes. These may include updates to personal privacy policies or strengthening how data is protected.
What are some of the key elements of the GDPR?
- Enhanced personal privacy rights. Part of the law looks to improve data protection. It will do this by giving EU residents the right to: access their data, correct inaccuracies, erase or move their data, or object to processing of their information.
- Increased data protection duties. The accountability of companies that process personal data will be reinforced and their responsibility for ensuring compliance increased.
- Mandatory data breach reporting. In the event of a breach, companies will be required to report the situation quickly, generally no later than 72 hours after the fact.
- Penalties for non-compliance. The GDPR will mean sanctions and fines can be imposed on organisations that have failed to comply.
Does the GDPR apply to my business?
The GDPR applies to companies (operators or controllers) in the EU.
It also applies to those outside the EU who offer goods and services to, or collect personal data from, EU residents.
What kind of data does the GDPR consider ‘personal data’?
The GDPR considers personal data to be any information related to an identified – or identifiable –natural person. This relates to direct identification data (such as a legal name). However, it also covers indirect identification data (data that makes it clear who is being referenced).
Personal data also includes online identifiers (such as IP addresses and mobile device IDs) and location data.
I use Dynamics 365. What types of data might be affected?
- Customer data. This spans all text, sound, video or image files and software.
- Administrator data. This is information about administrators supplied during signup, purchase, or administration of Microsoft services. It includes names, phone numbers, email addresses and aggregated usage information.
- Payment data. This is the information companies provide when making online purchases with Microsoft, including credit card numbers, security codes, names and billing addresses and other financial data.
- Support data. This information is supplied in a support request or results from running an automated troubleshooter.
- A special note on children’s data: Children (defined as a natural person under the age of 16 or as specified by Member State law) need specific data protection. Data controllers will need to get the consent of a parent/guardian for using the child’s personal data.
Don’t miss more articles by The CRM Team
Automated and Amplified: Sales Meets A.I. Sales is evolving. Predictive and powerful, it’s no longer just speed that separates the best from the rest – it’s processing power. Today’s strongest sales engines are not only blisteringly quick – thanks to A.I. they’re now...
Reduce costs. Sell more. Make your customers happier. Consistently great customer service is getting harder to achieve. Social media has enlarged a customer’s voice - good when companies are being praised, but damaging when they are being criticised. Since 2009, there...
What does a CRM implementation look like? A refreshing new approach. The real value of CRM is having a solution that is tailored to your specific business strategy. When you buy a solution from us, the first thing we'll do is listen to your specific objectives. We'll...