March 2019 Newsletter – GDPR

Does GDPR Apply To Me? How About The California Consumer Privacy Act?

The General Data Protection Regulation, or GDPR, is already in place and being utilized throughout the business world. Approved in April 2016, the GDPR gives consumers control of personal data gathered by companies. It applies worldwide to any member of the European Union. Companies have been given two years to comply with the regulations, which are now in full effect.

Meanwhile as of this month, over 2000 complaints have been received by the Data Protection Commission. Undeniably the European Union body assigned the task of governing the GDPR prosecutions. In January, a 65 million euro fine was leveled against Google for lack of transparency. Inadequate information and lack of valid consent regarding ads. Fines can reach up to 4 percent of the total revenue of a business.

Presently, on the surface this seems like legislation primarily aimed at social media outlets. They are the primary offenders which serve as a catalyst for this action. Large targets are dealt with you can be certain the GDPR will continue to be enforced.

GDPR Compliance

To ensure you are GDPR compliant, here is a basic checklist of things to consider for your company:

• Additionally, ensure your privacy policy is GDPR compliant. Specifically, note that each element of data security must be accepted by your clients independently. It is no longer acceptable to have a single policy form with a single point of acceptance for all privacy concerns. For example, if your services disseminate personal email to other businesses. Also accesses contact information for other purposes, these are two separate elements which must be agreed to by your clients separately.
• Determine what personal data you store about your customers. Ensure you have obtained it with their permission or from a public source where they have voluntarily revealed the data.
• Double check your retention policies, to ensure you are not keeping personal data for longer than necessary.
• Check your security protocols to ensure the storage of this data has a level of security appropriate to the risk. Ensure the data is only accessible for its intended purpose.
• For larger businesses, assigning the role of Data Protection Officer is necessary to have a consistent point of contact for addressing security issues and data retention policies.
• Finally, if you use third-party contractors which process personal data on your behalf, ensure your contracts are also GDPR compliant.

Though it may seem a daunting task with a potential price tag attached, the consequences of non-compliance far exceed the trouble. It is true that the large social media outlets are the primary target of the GDPR, but it is a given that other businesses which fail to properly regulate personal data are in the cross-hairs. Don’t let your business be the next target.

CCPA

The California Consumer Privacy Act is similar to GDPR.  With that said, If you have any type of transaction with a resident of California, you too, will be obligated to maintain compliance,  California Consumer Privacy Act is designed to show transparency, control of information  and accountability of information.

Lastly, it was after the release of the “Cambridge Analytica” this initiative took hold and was eventually passed in the State Legislature in 2018.