Making sense of the GDPR

By now you are probably feeling pretty overwhelmed by all the talk about the General Data Protection Regulation, or GDPR for short. To put your mind at ease and keep your business out of trouble, we've explained the most important parts of the GDPR: the whos, the whats, the whys and the hows.

Let’s start from the top. What is the GDPR?

The GDPR is a European Union regulation (Regulation (EU) 2016/679) that governs how organisations collect, use and protect the personal data of individuals in the EU. It places obligations on those organisations so that personal data is not misused, whether carelessly or deliberately (cue the Facebook case, where the data of tens of millions of users, most of them in the US, was harvested through a third-party quiz app and passed to the political consultancy Cambridge Analytica without those users' consent. Awkward).

What is user data?

When we refer to 'data' we mean personal data, which under the GDPR is any information relating to an identified or identifiable person. The details a user enters when they first sign up to a website are the obvious example. Facebook is a good one: during sign-up you are asked for your name, your email address, your date of birth, your gender and so on. But the definition is wider than the sign-up form; it also covers things like IP addresses, cookie and device identifiers and location data that can single a person out. This may seem like harmless information, but it can be passed to third-party services to help advertisers target users.

Who wants access to this data?

User data can get personal, real personal, especially when it involves your bank details, medical information or your computer's IP address. The worst part? Once data is leaked, there is no way to get it back. Now you are probably asking yourself, "who could benefit from such data?". Valuable user data is sold on the dark web for a high price. Typically a "broker" buys the data in bulk and sells it on to a "carder". The carder then uses the stolen card details or account credentials to buy gift cards for stores like Amazon.com, essentially anything that is hard to trace back to them or to reverse. These gift cards are then used to buy items such as electronics, which are resold on eBay or the dark web.

Who is affected by the GDPR?

We've heard it from various business owners: "the GDPR doesn't affect me because I don't work in Europe". There's something these business owners should know. The GDPR applies not only to organisations established in the EU but to any organisation, wherever it is based, that offers goods or services to individuals in the EU or monitors their behaviour. If that describes you, updating your privacy policy is the minimum; you also need to be able to show a lawful basis for each use of personal data and to honour individuals' rights over it. It's no surprise that, outside the EU, US-based companies are among the most affected. Some of the world's largest data organisations were founded in the US: Facebook, Google, Snapchat, Twitter and LinkedIn, to name a few. With corporations like these having to comply, it's reasonable to expect that similar laws could be introduced here in the near future. If you want your business to stay ahead of the curve, be mindful of GDPR-related issues now.

Why should data organisations comply?

Non-compliance with the GDPR can result in hefty fines, the kind that could send a company bankrupt. The top tier of GDPR fines goes up to 20 million euros or 4% of annual global turnover, whichever is higher (a lower tier, for less serious infringements, tops out at 10 million euros or 2%). Small businesses are no exception: the same maximums apply regardless of size. Fines are set case by case, though, based on the nature, gravity and duration of the infringement, so a breach does not automatically mean a maximum fine.

How do I protect my company from these fines?

The main thing to remember is that individuals get to make their own privacy decisions. Under the GDPR, consent is one of several lawful bases for processing personal data, and it is the one most relevant to marketing and profiling; where you rely on it, the bar is high: consent must be freely given, specific, informed and unambiguous. The OAIC's guidance on the Australian Privacy Act describes consent in much the same terms, with four key elements:

· "The individual is adequately informed before giving consent"

· "The individual gives consent voluntarily"

· "The consent is current and specific"

· "The individual has capacity to understand and communicate consent"

To read more about the GDPR and what to include in your privacy policy, we highly recommend the OAIC's guide for Australian businesses on the EU GDPR: https://www.oaic.gov.au/resources/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation.pdf

So that's the GDPR in a nutshell. It's not a law to be taken lightly, and a data breach is serious business. Make sure you update your privacy policy if you plan on doing business with the EU; but even if you don't, your users deserve to know where their data can end up.

This article was written by Mimi Seymore, Graphic Designer at Popdot Media. With a keen eye for all things design and social media related, Mimi's passionate about creating social strategies and designs that help to grow your business. 

Photo by Debby Hudson on Unsplash
 

References

https://www.cnbc.com/2018/04/04/mark-zuckerberg-facebook-user-privacy-issues-my-mistake.html

http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know

https://www.i-scoop.eu/gdpr/gdpr-fines-guidelines-application-penalties/

https://www.itgovernance.eu/blog/en/the-gdpr-what-exactly-is-personal-data

https://www.secplicity.org/2017/05/18/stolen-hackers-data/