GDPR (General Data Protection Regulation) is the EU’s new data privacy regulation.
It introduces a strict set of rules for how and why organizations can collect and use personal data. The goal is to give EU citizens increased control over how their data is used, shared, and stored.
Every time a customer sends an email, orders something online, or just visits a business website, personal data is shared with the business. GDPR gives the citizen the right to view, limit and control how the business collects and processes all information that directly or indirectly can be used to identify the citizen.
Suppose you have a customer who attends a conference that you have organized. She signs up for the guest list and enters information about her allergies. This is sensitive health information, which you in turn forward to the caterer. You are now required to inform your customer why you collect this information, and that you need her explicit consent.
After the conference, your customer may want to know what kind of data you have that is related to her and has been shared with third parties. You have one month to provide her with a complete overview of what you and your sub-contractors have collected about her. She can demand to review and correct this personal data. GDPR also gives her the right to be forgotten.
If personal data is compromised, GDPR imposes stringent requirements on how this is to be reported to both the authorities and the citizens concerned.
The GDPR applies to any business operating in the EU, including businesses outside the EU that offer goods and services to the European market.
Businesses that do not comply with GDPR will be exposed to additional risks. Not only do you risk losing the customer because she no longer trusts you; you also risk heavy fines from the authorities. In other words: to keep both customers and governments happy, your business should have a good system to ensure secure handling of personal data.
Companies will spend billions of dollars on GDPR compliance. But there are ways to become compliant without major investments.
ICONFIRM is a digital tool that allows your business to demonstrate GDPR compliance in a straightforward and very cost-efficient way.
ICONFIRM makes it easy for citizens to exercise their rights, and makes it easy for the business to administer their requests. Should the authorities come knocking, the business will always be ready to document compliance.