vafromeurope_virtual_assistant_for_your_business

GDPR: Are You Ready For The Changes?

GDPR was adopted two years ago, but it is only on 25 May 2018 that it – and the related fines – come into effect. If you feel like you are the only one not to have heard about it, don’t worry – while large corporations have done much to prepare to the change so far, there are millions of other entrepreneurs like you who feel ignorant of any “revolution in data protection” coming.

VAfromEurope has set out to explain to our clients the basics of GDPR answering the most common questions they might have:

What is GDPR?

GDPR stands for General Data Protection Regulation, which was adopted by the European Union and comes into effect on 25 May 2018. Starting with this date, failure to adhere to GDPR will cost businesses up to €20 million or 4% of the annual revenue.

Who does GDPR relate to?

GDPR relates to all companies that are established in the EU and those who are outside of EU, but have EU employees, monitor behavior of EU data subjects, market products to EU citizens or use EU citizen’s data for their own products (e.g. IT companies).

What is considered “personal data”?

Personal data comprises the persons’ name, email, address, phone, IP address, as well as their religion, sexual orientation or personal opinion. Companies possess personal data of their employees, partners and clients and should take care to assure data security for all these subjects.

What are the most important changes we should know about?

  • A valid reason for data processing

You should choose and document a lawful basis for each data processing activity you perform. GDPR allows choosing between six lawful bases: consent, contract, legal obligations, vital interests, public task, and legitimate interests. Mind that lawful bases apply only in cases when the collection of personal data is necessary. If the data cannot be considered necessary for or relevant to the purpose of the activity, it should not be collected or stored.

  • Consent

GDPR has established stringent regulations regarding receiving, recording and managing consent, which is one of the most common lawful bases for processing data of clients. In particular, GDPR demands to obtain explicit consent from all subjects, inform them of the organization controlling and/or processing their data, explain the purpose of collecting consent and the ability to withdraw it in a clear and plain language, and keep the record of how the consent was received. In addition, you should make sure you don’t make a consent a precondition for a service and do not penalize subjects for withdrawing consent.

  • Personal privacy rights

GDPR has brought some important changes to the personal privacy rights. In particular, subjects should now be able to access, copy and transfer their personal data, as well as object to its use for a particular purpose. Subjects have also received a right to erasure of personal data, also known as “a right to be forgotten”.

Should we do anything if we do not do anything wrong with the data?

Yes, you should. GDPR requires not only to comply with the new rules but also to maintain accurate documentation of data processing and the related policies and procedures (e.g. procedures in case of a data breach), which would demonstrate compliance. In addition, you should appoint a Data Protection Officer or a data protection specialist and sign GDPR-compliant contracts with all processors or other subcontractors given access to the data you hold. You should also be ready to show you have conducted a internal audit and staff training on the new rules. What is more, if you have not used data encryption, should start implementing it to adhere to the security by design requirement.

Should we do anything with a database we already have?

Yes, you should. You need to make sure your legacy data was obtained in the way, which is compliant with current GDPR rules. If you do not have a documentation on how data was received or the process of obtaining consent contradicts current rules, you should inform the subjects of the information you hold and a reason for its processing giving them right to object or ask subjects to positively opt-in again.

Conclusion

Revising long-standing policies and practices may take up a lot of your time, but this is something you cannot escape – fines amounting to €20 million or 4% of the annual revenue sounds like a strong argument, doesn’t it? Still, our virtual assistants may free you from a wealth of other responsibilities, so that you concentrate on what is urgent and important, GDPR compliance in particular.

Latest NEWS

vafromeurope_virtual_assistant_for_your_business
The Importance of Call Center Support for Insurance Industry

In today’s competitive insurance industry, providing exceptional customer service is pivotal for retaining clients and fostering long-term relationships. Call center support plays a crucial role in this endeavor, serving as the frontline between insurance companies and their policyholders. From handling inquiries and claims to offering assistance with policy management, call center agents serve as trusted […]

social_media_news_vafromeurope
March Social Media Digest

Spring is in full swing now. However, following the latest media updates and implementing them into your marketing strategy is always a great idea. So, here is the list of SM updates in March for you to consider.   Instagram is looking to boost messaging Instagram rolled out new features for direct messaging (DM) to […]

vafromeurope_virtual_assistant_for_your_business
Streamlining Your Coaching Business With Virtual Assistance

As a coach, you thrive on guiding individuals to achieve their goals in various aspects of their lives, whether it’s in business, fitness, or daily life. However, as your client base expands, you may find yourself overwhelmed with the multitude of tasks required to keep your coaching business operating smoothly.   Your day-to-day responsibilities may […]