What is GDPR?
The GDPR (General Data Protection Regulation) is a new European Union (EU) regulation that is designed to give EU citizens more control over their personal data. GDPR will come into force on 25th May 2018. Non-compliance could bring with it unprecedented fines to companies that don’t adequately protect the data of EU citizens.
How will GDPR affect businesses?
Under GDPR regulations, businesses, not just in the EU, but across the world, will have to make changes to their company’s personal data collection policies.
Companies will now have to explain to their customers how their internal processes use their data, from where this data is collected, why this data is collected, and how the company decides what to do with the data. Companies will also need their customers’ consent when collecting any personal information at all.
What does GDPR mean for a New Zealand business?
Even though the GDPR has been formulated to protect the citizens of the EU, these new rules will also have an impact on businesses outside the EU that potentially handle personal data of anyone residing in the EU. So, irrespective of whether you are in New Zealand, Australia, USA, or China or any other country outside the EU, you need to review your internal data processing procedures or risk hefty fines for non-compliance.
Any company that is not physically present in the EU, operates an e-commerce business, or operates in industries such as logistics, software services, travel and hospitality should take extra measures to ensure they comply with the GDPR. In fact, we think it is important for all businesses. So, if you have an online website or social networking profile for your business, you really need to make sure you comply with these new rules. The reason for this is that if you operate your business online, you have no control over who uses your website, who submits your forms, who purchases your products or who interacts with your social networking sites.
What are GDPR non-compliance fines?
Non-compliance with the GDPR could result on hefty fines being imposed on any business that controls or processes data. This law gives the EU data protection authorities the power to impose a number of fines on businesses ranging up to:
- €10 million, or 2% of the company’s worldwide annual revenue of the prior financial year, whichever is higher, or
- €20 million, or 4% of the company’s worldwide annual revenue of the prior financial year, whichever is higher.
Getting on board the GDPR train:
Moving your organization into GDPR compliance is a process you should have ideally started months ago. Fortunately, you haven’t missed your opportunity as we have produced a 5 document package for you that includes:
The GDPR regulation compliance guide.
A list of personal data that falls under the GDPR.
Email notification template and newsletter consent template.
Don’t let your company become a newspaper headline!