In this episode Daniel gives an overview of the upcoming GDPR online privacy legislation. What does GDPR mean and what do businesses need to think about?
Transcript – GDPR – A Quick Introduction
Hi everyone and welcome.
Today we will talk about GDPR, and if you don’t know what it is you just need to follow this short podcast to understand what it means, hopefully, so stay tuned.
GDPR is an online privacy law that is going to be enforceable on the 25th of May this year (2018). It’s been in the works since 2016, and it’s an EU-wide law. It covers not only the EU but also any company or organization that is handling personal data that is connected to an EU citizen, so it’s quite an extensive law.
This means that companies outside of the EU also have to follow the law. So, for example, companies in the US, China, Russia or the Middle East have to follow the law if they are handling personal data that is connected to EU citizens.
Companies that are found to be violating GDPR may be fined up to 4% of their annual turnover. So it’s quite a lot for any company, so it’s important to at least get a grasp of what GDPR means for your business or organization.
GDPR has some interesting cornerstones, and it is quite visionary to some extent.
First of all there is the consent part: basically, when you are creating a sign-up form, or anywhere else where customers have to provide their personal data, you must as a company clearly state what you will do with the data and what the purpose is of you collecting the data. It has to be communicated in a straightforward and easy-to-understand way for the person that is trusting you with their data.
Another important cornerstone of GDPR is the right to be forgotten. It means that a customer that you have collected personal data about has the right to get that data deleted from all of your organisation’s systems. This can be quite difficult for some companies, because it doesn’t necessarily mean that it’s only the CRM system that keeps the data; there might be other systems involved, for example mail conversations, phone records, etc.
The next important part of the GDPR is the right of access. That means that every person you are storing data about has the right to see what you are storing, and to access that data. So if someone asks you, for example, “Can you please provide me with all the data you have about me?”, you need to have the ability to get the data out to them.
Then another important part of GDPR is the right to portability. This I think is the most interesting part. It means that a company should have the ability to export the data out of its systems and provide it to the customer, so that the customer can use this data in another system or at another company.
For example if you want to be able to switch from Facebook to Twitter you should be able to get the data out of Facebook and then have the ability to use it as input to Twitter.
All companies that are storing customer data also have to appoint a Data Protection Officer, a DPO.
This role works with compliance with GDPR in the organization. Most companies also choose to educate their staff: if you have, for example, 30,000 employees, you want to make sure that they understand GDPR and how they should handle customer data.
I also think that when it comes to GDPR there is some really basic stuff when it comes to storing data that you should use. For example, anonymizing the data so it’s not possible to see who is who, and also encrypting the data. Encrypting the data is best practice for storing data online these days.
I hope that this episode gave you an overview of what GDPR is and what it means. Next time I will talk about online privacy from a customer experience standpoint. What will customers expect in the future when it comes to online privacy? And what should companies do?
So stay tuned for the next episode of the One Minute Digital podcast.
Thank you very much for listening, see you soon again!
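The episode mentions two basic storage practices (making data pseudonymous so you cannot see who is who, and encrypting it) and, separately, how hard the right to be forgotten becomes once the same person's data sits in the CRM, the mail archive and other systems. The following Go program is an added illustration, not code from the podcast or from any product it mentions, of how those ideas combine: identifiers are replaced with a keyed HMAC pseudonym, every record is encrypted with AES-256-GCM under a key that belongs to that one data subject, and an erasure request is served by destroying that key, so every copy of the person's records becomes unreadable wherever it is stored. That key-destruction step (often called crypto-shredding) goes beyond what the episode states and is an assumption of this example, as are the `KeyVault` type, the pepper value and the sample e-mail addresses, which are all constructed here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// ErrForgotten is returned when no key exists for a subject: either the
// subject was never stored, or their key was destroyed on an erasure request.
var ErrForgotten = errors.New("no key for subject: data erased or unknown")

// KeyVault is a hypothetical key store assumed for this example. It holds a
// secret "pepper" used to pseudonymise identifiers and one random AES-256 key
// per data subject. Only the vault needs to be purged on erasure; the sealed
// records may stay in the CRM, mail archive, backups and so on.
type KeyVault struct {
	pepper []byte
	keys   map[string][]byte // pseudonym -> per-subject key
}

func NewKeyVault(pepper []byte) *KeyVault {
	return &KeyVault{pepper: pepper, keys: make(map[string][]byte)}
}

// Pseudonym derives a stable HMAC-SHA256 pseudonym from a direct identifier
// such as an e-mail address, so systems can link records about one person
// without storing the identifier. Without the pepper it cannot be reversed,
// nor confirmed by hashing a list of likely e-mail addresses.
func (v *KeyVault) Pseudonym(identifier string) string {
	mac := hmac.New(sha256.New, v.pepper)
	mac.Write([]byte(identifier))
	return hex.EncodeToString(mac.Sum(nil))
}

// keyFor returns the subject's key, generating one on first use if allowed.
func (v *KeyVault) keyFor(pseudonym string, create bool) ([]byte, error) {
	if key, ok := v.keys[pseudonym]; ok {
		return key, nil
	}
	if !create {
		return nil, ErrForgotten
	}
	key := make([]byte, 32) // AES-256 key, fresh per subject
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	v.keys[pseudonym] = key
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals a record under the subject's own key and returns the pseudonym
// to file it under plus nonce||ciphertext. The pseudonym is bound as
// associated data, so a record cannot be quietly re-filed under someone else.
func (v *KeyVault) Encrypt(identifier string, plaintext []byte) (string, []byte, error) {
	pseudonym := v.Pseudonym(identifier)
	key, err := v.keyFor(pseudonym, true)
	if err != nil {
		return "", nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", nil, err
	}
	return pseudonym, gcm.Seal(nonce, nonce, plaintext, []byte(pseudonym)), nil
}

// Decrypt opens a stored record. After Forget it fails with ErrForgotten for
// every copy of that subject's data, in whichever system the copy lives.
func (v *KeyVault) Decrypt(pseudonym string, sealed []byte) ([]byte, error) {
	key, err := v.keyFor(pseudonym, false)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed record too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], []byte(pseudonym))
}

// Forget serves a right-to-be-forgotten request by destroying the subject's key.
func (v *KeyVault) Forget(identifier string) {
	delete(v.keys, v.Pseudonym(identifier))
}

func main() {
	vault := NewKeyVault([]byte("constructed-pepper-keep-this-secret"))
	// Constructed sample: the same person's data held by two different systems.
	p, crm, _ := vault.Encrypt("alice@example.com", []byte("CRM record for Alice"))
	_, mail, _ := vault.Encrypt("alice@example.com", []byte("support mail thread"))
	rec, _ := vault.Decrypt(p, crm)
	fmt.Println("before erasure:", string(rec))
	vault.Forget("alice@example.com")
	_, err := vault.Decrypt(p, mail)
	fmt.Println("after erasure:", err)
}
```

The pepper and the per-subject keys are the only secrets, so this is also what a right-of-access or portability export would work from: look up the pseudonym, decrypt each system's records and hand the plaintext to the person. The design assumes the vault itself is well protected and its deletions are not undone by backups; if the key store is restored from an old backup, the "forgotten" data becomes readable again, which is the main caveat of this approach.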