Operating a business in the EU, you’ve likely heard about the imminent updates to the handling of personal data online - the General Data Protection Regulation or GDPR. By May 25th, all businesses that handle data within the EU must comply or face steep penalties.
So what exactly are the regulations and what do they mean for small businesses and freelancers? This blog post aims to provide the latest information about the GDPR and how it benefits individual privacy rights online.
How is the GDPR different from current data privacy regulations?
The GDPR introduces a new set of standardised regulations surrounding the handling of personal data that is gathered by websites and online services. Data handling regulations are already in place; however, the scope and application of the GDPR broaden and unify the coverage.
The GDPR is designed to require businesses to be more transparent about the type of personal data that is being gathered when an individual visits their website or signs up for an online service. This transparency is outlined in their privacy policy, which should be updated to comply with the GDPR.
The new regulations also aim to create a standard set of data handling procedures for all businesses operating in the EU - current regulations are country-based and can differ greatly. The GDPR applies not only to businesses based in the EU, but also to businesses based abroad that operate in the EU and collect personal data there.
The GDPR is designed to provide clear rights on the part of the individual, with the added benefit that consent can be withdrawn at any time from any business, and deletion of data can be requested following the stipulations laid out by the ‘right to be forgotten’.
Why is the GDPR being implemented now?
The new regulations are coming into play due to the rapid advancements of online technology. Current regulations quickly become outdated and don’t necessarily cover all aspects of data collection and processing.
Updating the regulations and extending their scope to all EU countries allows authorities to better regulate businesses that are not complying with the requirements.
What does the GDPR mean for me?
As an individual navigating the internet, data involving your browsing habits, page views, information entered, etc. can all be gathered for use by businesses. However, while this might sound invasive, much of this information is anonymous and is used for marketing and remarketing purposes - for websites to provide a more catered experience for each visitor.
Data entered in a form and submitted, such as to sign up for an online service or a newsletter, is also gathered by businesses, generally as a natural part of the onboarding process in order to allow you to get the most out of the service.
Now, each business that provides an online service must provide you with a full outline of their privacy policy and data handling process (all of which must be transparent and comply with the GDPR). You can also export all of your data at any time.
To summarise, the GDPR means:
- Businesses are clear about why they collect data and what they do with the data
- You must provide consent for a business or website to collect data
- You can withdraw consent at any time
- It is possible to export your data
- You can request your data be deleted under the ‘right to be forgotten’
Essentially, your rights to your data become much clearer and standardised across any website service you are using that operates in the EU.
How does the GDPR affect businesses?
Businesses of all sizes with an online presence will feel the impact of the GDPR requirements and will need to take the proper steps to comply. The current procedures for the collection and handling of data should be reviewed and updated as necessary.
Businesses that do not comply with the GDPR by the deadline, or those that violate the regulations, will be subjected to steep penalty fees depending on the severity of the infringement.
More information about the GDPR & Debitoor
Debitoor has been working hard to ensure that our current handling of all personal data is GDPR compliant. We began by undertaking an additional analysis of how we process data in order to confirm that users and visitors to the site have the highest level of protection.
To find out more about what Debitoor is doing to become GDPR compliant, stay tuned as we’ll be publishing details shortly.