Since the EU's General Data Protection Regulation (GDPR) became enforceable on 25 May 2018, any company that handles the personal data of people in the EU needs to be on top of the new rules. Read on for three important things you - and your company - should always remember about the GDPR so as to avoid its steep penalties for violations (up to €20 million or 4% of worldwide annual turnover, whichever is higher).
- Yes, it applies to you. (Probably.) The GDPR applies to any business that processes the personal data of people in the EU - and it doesn't matter where that business is physically located, or whether the people are EU citizens. If you are established in the EU, or you offer goods or services to people in the EU or monitor their behaviour from elsewhere, the GDPR applies to you and you need to be sure you're compliant.
- It means any kind of data. Seriously. Any data you collect about a customer that can be used to directly or indirectly identify a living person is regulated by the GDPR - not just names and email addresses, but also IP addresses, cookie and device identifiers, and location data. Make sure you really understand what's covered by it.
- No legalese, lawyers. Consent is only one of the GDPR's lawful bases for processing personal data, but when you rely on it, it has to be freely given, specific, informed and unambiguous - and explicit consent is required for sensitive categories such as health data. The request must be clearly distinguishable from everything else and written in clear and plain language, so it can't be buried in "fine print" privacy policies or lengthy legal documents; we're talking plain language for the "every customer." Pop-ups are a great tool for this (and here are some samples to check out), as long as the boxes aren't pre-ticked and withdrawing consent is as easy as giving it.
Here’s a handy-dandy infographic that helps break down the basics of the GDPR. For something more advanced, check out the upcoming program on GDPR Compliance in M&A Transactions, which addresses the due diligence required in nitty-gritty detail.