Microsoft Trust Center GDPR Assessment Responses - Free whitepaper outlining GDPR and its implications, journey to compliance. Download today to get started.
What are the GDPR Penalties for Non-Compliance?
You could be fined 20 Million Euros or 4% of annual global turnover (whichever is higher) if you do not comply with the new regulation.
Does GDPR apply to me?
Likely. If you are a company that processes personal data of individuals in the EU, then you will fall under the regulation.
What are the GDPR changes?
You must obtain personal data through a clear consent procedure.
How does the right to be forgotten work in principle?
When an individual citizen wishes to have their data removed, the data controller must take appropriate steps to inform the relevant parties in the organisation about the erasure. However, unsubscribing or opting out of marketing communications is different from the right to be forgotten. If an individual doesn’t want to receive direct marketing communications, the organisation should retain their personal data for as long as necessary in an ‘unsubscribe’ file, and everyone within your organisation should be aware of this.
Organisations will be able to retain customer information and be able to contact them about safety or product recall concerns even if that customer has exercised the right to be forgotten.
How does the right to data portability work in practice?
The right to data portability only applies where the data processing is based on consent, is carried out by automated means, and the data subject has provided the information. In practice, it will only apply to cases where the customer switches providers, such as social media services or utilities.
What about Subject Access Requests?
Individuals have the right to obtain the personal data held about them free of charge the first time. For any further copies, organisations can charge a ‘reasonable fee’. Organisations are also within their rights to refuse to answer a subject access request if it is malicious in nature.
What does “retaining data for as long as it is relevant” actually mean?
This principle is the storage limitation principle in the new regulation. The ICO has produced guidance on the current principle here.
How frequently would you suggest consumer consent should be refreshed, if at all?
You do have to offer subjects the opportunity to opt out, but not necessarily refresh consent.
Will digital tracking techniques need to be more transparent now?
Clarity and transparency of consent are a highlight of the new regulation. This includes digital data such as cookies.
How will the GDPR changes impact B2B marketers compared to B2C marketers in terms of email?
There will be little difference. This is because B2B data can be viewed as personal data when it identifies an individual, i.e. a business email address or phone number that relates to an individual is considered personal data. B2B contacts will be treated in the same way as B2C contacts when personal data is involved.
Do you need more information on how GDPR relates to your organisation?
Please get in touch with us and we'll be able to provide a consultation on how you can make sure you are compliant with the EU regulation by May 2018.