Understanding GDPR

Recently, the news of GDPR has been hotting up since the deadline for compliance is nearly upon us (May 25th 2018). This post has been specifically created for website owners who are confused, scared or want to just-make-sure that they comply with the EU’s new Cybersecurity Compliance rules.

What is GDPR?

GDPR stands for General Data Protection Regulation, and it will be enforced by the EU starting from 25th May 2018. It is essentially a fancy title for ‘giving users control of their own data’.

Isn’t that just the Data Protection Act?

Sort of. In 1998, the Data Protection Act (DPA) was introduced with the similar objective of giving users control of their information. GDPR slims the DPA from 8 principles to just 6 – with an updated viewpoint towards cybersecurity and digital data processing.

What are the 6 main principles?

  1. Know the data you have. And why you have that data.
  2. Introduce and maintain a documented structure for the data.
  3. Know who is responsible for data management.
  4. Protect the data you don’t want disclosed.
  5. Create a data-secure culture for your business.
  6. Have contingencies in place (Expect the best, prepare for the worst).

That’s it? Really?

Yes and no. There is a lot in the GDPR overview official document/s (available here or a summary PDF here.) about exactly how these principles are to be enforced as well as specific guidelines of how the data needs to be provided to the user upon request.
If you imagine you’re a mummy bird, carrying a bunch of mouldy worms. You need to be able to regurgitate those worms – should the chicks ask for them. But essentially, the 6 principles are the main things. Oh, and to complicate things and make them look more impressive – the official GDPR document adds letters instead of numbers before the 6 principles. Just coz.

What happens if I ignore GDPR?

There is a lot in the official document regarding consequences of not adhering to the principles. Sadly the consequences could be quite harrowing, if the EU really are keen to implement them – and it appears as though they are (click here for a scare).
Imagine someone gave the milk monitor in primary school the power over detentions. Or -perhaps more accurately- some bright spark deciding that the lions would be good zookeepers for the zebras.
That’s the sort of thing we’re looking at here. So, in short, don’t ignore GDPR.

What do I actually do about it?

If for nothing else, this is just a good excuse for a spring-clean of your data flow within your business. A lot of businesses will keep a list of clients and suppliers, and that’s going to be the extent of it for most.
For anything beyond that, have a brain storm (of whatever term is more politically correct these days) on a white board and work out a flow. Take a photo of it, save it in a document somewhere and make sure you follow it correctly.

I’m pro Brexit, so I don’t care about the EU

Good to know, but sadly it’s not going to help you. Whether the UK fully leave the EU, fully stay or something in-between, the GDPR comes into effect 25th May 2018. No matter what the Brexit plans are, they won’t be implemented before then. That’s right, it’s Cookie Law all over again.

Are there any positives to GDPR?

A few. Obviously the consumer gets more control over their data and businesses are held more accountable for the data that they manage. Whether that be a positive or not, I will leave to you to decide. But one thing is clear. When you ask to be taken of spam mailing lists (digital or otherwise), you’ll actually be able to do something about it. And businesses will be listening more carefully for unsubscribes with potential fines in the region of €4m.

Is there anything else I should know?

Probably. This is just an overview to kickstart your understanding of GDPR. But, and don’t quote us here, if you follow the above steps properly then you should find the GDPR document easy-reading.

Useful links and Further Reading