Meeting GDPR Requirements

The European Union’s General Data Protection Regulation’s (GDPR) came into effect on 25 May 2018. The GDPR law has triggered several immediate changes. The new regulation safeguards security and privacy rights for users. GDPR has forced companies to change their practices on data gathering and processing in many ways.

Decrease in Addressable Markets

As every company that does business with citizens of the EU has to comply regardless of where they are based, the law has had a pronounced effect on technology firms, marketers, and other companies that handle large quantities of data.

International companies such as Facebook, Apple, and Google have dealt with the compliance rules differently. While Facebook added more tools for users to control their privacy, they also took the initiative to nudge people to agree to face recognition systems. Google was more discreet about their

changes, without informing its users. Apple also made sure to get its users consent to their latest tools.

Had they not complied, they could have been  fined up to $9.3 billion in total per company. Wanting to keep their market in Europe, companies should comply with the regulations as it is helpful for them and their customers.

The checklist

Being unable to meet the requirements of the legislation could mean fines from the European Union. A simple thousand-dollar fine for a data breach pre-GDPR can go up to a million-dollar fine now. To be GDPR-compliant, companies may execute  the following steps to minimize exposure and risk:

1. Create a GDPR team to sift through current data flow

A team should be appointed to sift through the organization’s data, review the data collected and document the flow and processes used to acquire data. After going through the data, remove contacts who did not consent to mails or other offers and take note of the sources of the mailing list.

2. Review personal data collection process

Online forms now must be clear about their offers, the information they need from any interested leads, and how this is used. If the website has cookies, ask for consent before the site uses cookies. The GDPR also requires parental consent for children under the age of 16, if the company is interested in processing their personal data.

Verify with your existing contacts if they still want to receive updates, app notifications, and emails from your company. Allow them to manage communication preferences and choose if they prefer receiving newsletters instead of promo emails. The user will also

be given the power to choose how frequent would they want to receive updates from their subscription.

Make sure that customers know that the organization’s privacy policy has been updated, which parts have been reformed or completely changed. Email notifications or website pop-ups should inform users of the new changes, leaving no one in the dark.

The GDPR states that data breaches should be reported within 72 hours of becoming aware of the breach and encourages organizations to create an action plan. Educate all employees to prevent cybercrime from happening. Once the breach happens, publish an announcement and notify those involved or affected.

Meeting the requirements

For some businesses, the requirements will be easy to meet. For others, it will take months before it becomes logistically possible. Review the data the company is holding and send out consent emails to the current mailing list. Regularly update the company’s privacy policy and create a contingency plan for any breaches against its  security. In the long run, this could create great opportunities for increasing value of the data companies already hold.

About Wilson Consulting Group

Wilson Consulting Group is an innovative global cybersecurity consulting firm headquartered in Washington D.C., with a European office in London, England.

Our goal is to ensure that our clients are compliant, secure, and protected so that their customers will also feel assured. WCG is committed to assisting organizations as they work to meet the requirements of the GDPR. Further information is available at https://www.wilsoncgrp.com.