What is GDPR and its impact to your business?

Last 25th May 2018, the GDPR (General Data Protection Regulation) finally took effect. The law changes the rules for companies that collect, store or process large amounts of information on residents of the EU, requiring more openness about what data they have and who they share it with.

It also means any company with a digital presence in the EU will have to comply with the law or face steep penalties.

As some of you may have noticed, digital companies such as facebook and all the other social platforms and applications are flooding your emails with their changes in their data privacy policies.

In the Philippines, we also have the Data Privacy Act of 2012 (DPA) which has similar intent with penalties & jail time. Any business that is located in the Philippines is subject to stringent data protection laws that could cost offending businesses in fines and perpetrators can be imprisoned for up to 6 years.

How this impact your business?

Here’s a rundown of the benefits your business can get with compliance to GDPR, DPA or any data privacy regulation that you encounter:

Better Cybersecurity – It makes practical sense to take data privacy seriously for there is no company in the world that can afford to take the risk of cybersecurity ignorance, given the costs of data breaches and business downtime caused by theft or loss of critical data.

Breaches are PREVENTABLE. It is already clearly established that the two major causes of privacy breaches are carelessness via human errors and poor security structures. Data not handled with care already constitute a privacy violation.

This means even if you are a Janitor, you will have a huge role in this as you are in charge of disposing the days billing statements for example, is the last in the chain of a problem created by the call center agent after a piece of paper with a customer’s sensitive medical data is simply thrown into the trash bin instead of being shredded.

Boost Audience Loyalty and Trust – Compliance can support your business in helping you build more trusting relationships with your customers and the public generally. When gathering consent to use data subjects’ data, you will have to explain clearly and concisely how you will be using their personal information. The transparency, accountability, and responsibility you demonstrate will encourage trust in your brand.

Both the DPA and GDPR seeks to foster confidence and trust of companies with their customers. By upholding the data standards championed under both systems, organizations will be able to demonstrate their desires to protect customer’s interests, foster accountability and cultivate trust.

Specified Data Management – Compliance requires you to audit and know what type of data or sensitive information you hold. This leads you to only gather specific data only and minimize the data you collect and hold, better organization, documentation, storage and in effect a streamlined data management process.

Employee training is crucial for the whole organization to be aware of privacy risks. Business processes must be designed right from the start with privacy in mind.

How does this affect the individual person?

The future will most likely have a business having a social or digital component or perhaps they all become full-blown digital businesses. The reality is that organizations collect, share, keep and later dispose of personal data in order to have a business relationship with their consumers. With these regulations, you have the power to hold companies accountable like never before.

—
If you like this post, please do share it on social media like Facebook, Twitter or any other site that you like (of course with a credit link back to this blog post).

Also, don’t forget to follow me on Facebook, Spotify or Anchor.fm (for the Podcast), and Instagram for more updates and random stuff about me and this blog.