EU GDPR – General Data Protection Regulation Requirements
The time has come when the internet and personal information are all in one place. The General Data Protection Regulation (GDPR) forces businesses to take control of their users' and clients' private information. This new law requires companies to ensure the highest level of security for customers. If companies don't meet these requirements, they may suffer dire financial consequences.
Below is a guide to help marketers understand not just the GDPR but how it needs to be implemented and enforced. You can find all this information here: The General Data Protection Regulation (GDPR)
What is the GDPR?
The European Parliament adopted the GDPR in April 2016, replacing an outdated data protection regulation from 1995. It requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within the EU states. The GDPR also regulates sharing of personal data outside the EU.
These provisions are consistent across all 28 EU member states, so companies have just one standard to meet for all EU states. This means one set of rules for everyone to follow; however, these rules set a high standard, forcing most companies to make a large investment to meet them.
What privacy data needs to be protected?
- Basic identity information such as name, address, and ID numbers
- Web data such as location, IP address, cookie data, and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
What companies are affected by the GDPR?
Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if it has no business presence within the EU. Specific requirements for companies are:
- A presence in an EU country.
- No presence in the EU, but it processes personal data of European residents.
- More than 250 employees.
- Fewer than 250 employees, but its data processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data.
When does my company need to be in compliance?
Companies must be able to show compliance by May 25, 2018.
Is my website GDPR ready?
If you are currently a customer of TIBINT and we manage your website, then the answer is YES! We take security very seriously and ensure that all website data is secure and complies with the GDPR. If you hired us to develop but not manage your website, or you built your website yourself, you may need to take certain steps online. We are more than happy to assist you in becoming GDPR compliant online.
However, your business may also need to take some steps on your side to comply. This covers your operational processes, servers, etc. If you have any questions, please feel free to contact us at 1-212-634-4223 and one of our team members will assist you with any questions or concerns you may have.