2 min readThe General Data Protection Regulation (GDPR) is a European privacy law that regulates the collection, execution, and storage of any EU citizen’s or resident's user data.
With this in mind, the new legislation will have an effect not only on European businesses, but also any other business that regularly collects data from any EU citizen or resident.
Start putting together your GDPR plan before the legislation is put into effect on May 25, 2018. There is no grace period after this date, and a failure to reach compliance by this time will result in fines of up to 4% of your company’s annual turnover.
Start with Legal Authorization
You need to begin with ensuring you have legal authorizations in place, allowing you to process personal information. This includes but is not limited to:
- Obtaining consent for using personal data;
- Contractual obligations to your consumers;
- Compliance with other legal obligations you are subject to, etc.
Comply with Processing Requirements
The GDPR dictates strict requirements for personal data processing. The GDPR states that data must be:
- Processed lawfully, fairly, and in a transparent manner for your consumers;
- Collected for specific, legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which the data is processed;
- Accurate and kept up-to-date;
- Stored for no long er than is necessary for the purposes for which the personal data is being used;
- Protected through security measures and safeguards that help to prevent data loss and breaches.