European Union General Data Protection Regulation (GDPR) Simplified
The Facebook-Cambridge Analytica scandal is an eye-opener for everyone and has directed the world’s attention to the new European Union General Data Protection Regulation (GDPR).
However, a lot of young managers of small startups still don’t know how to be compliant.
This article simplifies what you are expected to do as a business owner. These days a lot of college students already run their own businesses, so they can learn from the information too.
First of all, the regulation affects you if you operate in any of the European Union member countries. Even if you don’t operate in the region, you are still bound by the law if you process personal data of European Union residents. If at least one of the two conditions holds true for you, this article is for you. To be compliant, follow the steps below.
1. Seek permission
The first and the most important rule is to seek the consent of the owners of the data before doing anything with their data or before you give it out. Remember, you have to seek consent in clear terms because users/customers now know their rights. They may not grant the consent if they are not clear on why you need the data.
Also understand that even if they give their consent, it is not permanent. They reserve the right to withdraw their consent at any time, and they do not owe you any explanation for withdrawing it.
2. Notify them of any breach within 72 hours
If your database gets hacked or any other security breach occurs, you have just 72 hours to inform your customers and data controllers (if you have any). If it is found out that you notified your customers more than 72 hours after the breach, you will be sanctioned. However, it is worse if the lid gets blown on you by a third party because that will attract the maximum penalty.
So, whenever you find out about any security breach, don’t even think you can resolve and bury the issue secretly. Report it as quickly as possible. Of course your customers will react negatively to the alert, but it will never be as bad as coughing up the sum of €20 million.
3. Your customers have a right to their data
If any user or customer requests their data, you must provide it in full detail and as quickly as possible. Customers have the right to request the information you have gathered about them. They can even use the data in another environment outside your business and platform.
4. Your customers have the right to be forgotten
Your customers have the right to request a total deletion of their data. Even if you have not finished with the purpose for which you obtained the data, you have to seek their consent to hold on to the data further. And if they insist, then you have to delete it.
You may be tempted to lie to them that you have deleted the data without deleting it. Don’t risk litigation. You don’t want to pay €20 million just like that.
5. Put security features in place
It is important that you put adequate security measures in place to protect the privacy of your customers. You know what this implies? When there is a security breach, reporting it within 72 hours does not absolve you of any wrongdoing. The breach will still be investigated, and if you are found not to have taken adequate security measures, you may be fined.
6. Making use of a data protection officer
Since it has become a serious crime to misuse users’ or customers’ data, it makes a whole lot of sense to hire a data protection officer who will be dedicated to the cause. However, that is only if you handle a large volume of data, as the service is not cheap.
What happens if you violate any of the rules?
This is the part of the discussion that scares companies. If you violate any of the rules, you may face the maximum penalty of paying €20 million or 4% of the last annual revenue of your company, whichever is greater. The fine may be lower for less serious offenses.
As long as you comply with the rules, you have no reason to be scared. The regulation is meant to give customers and users full control over their data.