We’re going to keep this as short and as sweet as physically possible – we’re just as fed up as you are hearing about the (what seems to be) dreaded GDPR stuff. We’ve included in this blog three things you need to know:
1 – What it is (in English)
2 – What you needed to do (in English)
3 – How to calm down (in Cantonese)
We know that you have been hearing about GDPR CONSTANTLY over the past couple of months – if you’re only just hearing about it… you’re too late. If this is you, here’s a few things you need to do to get caught up!
GDPR stands for The General Data Protection Regulation, and it is a regulation in EU law on data protection, and privacy for all individuals. Both within the EU and European Economic Area, as well as covering the export of personal data outside of these areas.
Basically, if your business is not GDPR compliant with the 2018 “update” – you’re breaking the law. Sorry.
The main thing to do is NOT PANIC. We know that from the constant social media posts and articles in the news this is probably exactly what you’re doing (hence why you’re reading this), but please take it from us – panicking is NOT something that you should be doing. If you’ve not done anything to become GDPR compliant yet, then yes – maybe you should get on that ASAP.
Nevertheless, we’re here to help you. If you control and/or process any type of personal data, you need to ensure that you are GDPR compliant in order to stay on the right side of the law (to avoid a HEFTY fine).
This isn’t as tricky as it sounds. In basic terms, you simply need to ensure that personal data is processed lawfully, transparently, and for a specific purpose. As well as this, once the purpose is fulfilled (the data is no longer required) it should be deleted. This is because using this data again, for a different purpose, technically means that you haven’t been granted permission from the data subject (clients, visitors to your site etc).
Consent is and must be, an active, affirmative action by the data subject (person giving data/filling out online forms etc). Controllers (you) must keep a record of how and when the subject gave consent too, as well as that they may withdraw their consent whenever they want to.
You could do this by sending your entire database an email, asking them whether they would still like to hear from you, or whether they would like to be “forgotten”. The right to be forgotten is also new – this means that the data subject can have their data deleted at any time they wish.
It shouldn’t be a surprise that after complying to the new GDPR rules, your contact list may look a little on the small side. But don’t worry – those you have maintained are more likely to become customers of your business. As will be those who sign-up later on.
This has been an extremely brief and basic explanation of GDPR. If you would like to find out more, or if you’re worried at all – please do not hesitate to Contact Us.