As business leaders know by now, the European Union’s General Data Protection Regulation (GDPR) was enforced on 25 May 2018 to protect the personal data of individuals. Over and above the control this allows citizens of their personal data, the GDPR also aims to unify data protection laws across the European Union.
However, while many companies outside the EU still believe the GDPR won’t affect them, here’s what Stuart Pearce, managing director of TD Global warns: “Any company dealing with EU businesses, residents’ or citizens’ data will have to comply with the GDPR.
“This means organisations not based in the EU who currently – or are planning to – conduct business in the region will need to be compliant. It goes further,” he says. “Organisations will still have to understand the impact of GDPR if they process an EU resident’s personal data in connection with goods and services offered to that person, and when individuals are tracked on the internet”.
This includes profiling techniques used online to make decisions about the data subject, or for predicting or analysing personal preferences and behaviours. Pretty far-reaching stuff, everyone agrees. So, how do you ensure that your data complies?
Here’s a quick list for data management teams that must ensure all personal data is:
- Collected for explicit, legitimate and specified purposes
- Precise and kept current
- Processed legally, honestly and in a transparent manner
- Relevant and limited to only what is necessary in relation to the purpose for which it is collected
- Not kept longer than necessary
- Processed in a manner that ensures proper security and disposed of securely
Companies were given a fair amount of time to become compliant,” says Pearce. “If you are currently not compliant or concerned that your data may put you in line for a steep fine in Euros, contact TD Global and we’ll assist you with upgrading your data to full compliance. It’s not worth the time, money and loss of reputation non-compliance will cost you if you’re winging it.”