What is GDPR and how can it impact my business?

What is GDPR and how can it impact my business?

Learn what you have to do to adapt your business to the new demands!

With more and more people looking for products, content and services in the online world, more and more data has been provided to companies, which collect this information from the users in exchange for what they offer.

If there was still a feeling that legislation from all over the world couldn’t keep up with these changes, now the situation is about to suffer some relevant changes.

If you haven’t yet heard of GDPR, or still have questions about it, now is the time to learn everything about it!

The regulation comes into force on May 25th, 2018, and all companies that process and collect data need to know what changes in the new rules.

Would you like to find out how your business will be affected? Check out in this post what GDPR is and all the changes in the new regulation.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a set of rules from the European Union to protect the privacy of their citizens’ data.

The regulation was approved in April 2016, but it comes into effect this May, which is also the deadline for all companies to adapt to the new directives.

The data contemplated is everything that may be used to identify a person, directly or indirectly, such as name, picture, email address, banking and medical information.  

What are the main changes?

You can see all the changes imposed by the regulation to the companies that store and process data, on the official GDPR website. Below, we have a list of the main changes.

Consent

GDPR reinforces norms related to consent, to ensure that the users know exactly when they are allowing companies to access and use their information.

Terms written in fine print, that are illegible, or difficult to understand will no longer be accepted.

Right to access

Users have the right to know not only if their data is being processed, but also where and why. After all, they can request a free copy of the personal data used, in an electronic format.

Erasure of information

Another right that the users now have with the GDPR is to request that the company definitely erases their data and/or interrupts their dissemination.

Data portability

The owners of the data may also request their personal data provided to a system to make a portability, that is, to completely transfer them to another company’s system.

Notification of breach

This rule is important to make sure that the users are duly notified when there is a breach of a system that stores their data.

The GDPR states that companies have a maximum of 72 hours after becoming aware of the data breach to make the report.

What are the consequences to those who don’t comply with the new legislation?

To ensure that companies comply with the regulation and really make an effort to protect users’ data, the fines stated in the GDPR are high for any violations.

If an organization infringes any provision of the new directives, the fine could be up to 4% of the annual worldwide turnover of the preceding financial year or up to €20 million, whichever is greater.

For less serious infringements, such as not having organized registers or failing to notify any breach to the authorities, the fine is of up to 2% of the total revenue.

Obviously, the simple fact that the financial consequences are expressive already alerts companies to pay close attention and comply with the norms.

However, it is also important to follow the regulation in order not to harm the reputation of your company in the market, since the non-compliance may be seen as disrespect not only to the GDPR, but most importantly, to the safety of your leads and customers.

How does the new legislation affect the companies all around the world?

As the GDPR is a legislation from the European Union, many companies all around the world believe they don’t have to worry about the new data security policy.

Wrong!

The GDPR is not limited to companies that are located in the EU, but to all organizations that collect, store, or process data from EU residents.

Therefore, companies that have customers or partners in Europe must also comply with the new rules.

Moreover, Google Analytics has made changes to their resources to suit the new GDPR rules, which affects entrepreneurs who use the tool, all over the world.

Among the changes, there are new features to control the users’ data retention time. Thus, after the period set on the Google Analytics account, the data will be automatically deleted.

To prevent this from happening, you need to access the administration tab on your account and change the retention period.

We have prepared a step-by-step to show you how it’s done.

  1. Access the ADMIN menu from Google Analytics home screen:                                                                                                                     GDPR - Image of Analytiucs menu indicating to click "admin"
  2. From the drop-down menu in Tracking Info, click on Data Retention.                                                                                                             GDPR - Image of admin showing options of tracking info indicating to click data retention
  3. On the menu User and event data retention, choose the shortest period, or Do not automatically expire. In Reset on new activity, select the option ON.

GDPR - Image of Data retention options

What can you do to adapt to the legislation?

There are some small actions you can take to increase the transparency of your company and provide greater security to your users.

  • Revise contracts, terms of use and privacy policies to make the perfectly clear to those who wish to register on your page or purchase your services;
  • Make changes to websites and landing pages to make it very clear what you capturing the leads’ personal information;
  • Prepare to show the data from a lead, if it is requested, and be ready to delete it, if the lead so requires;
  • Place alerts on monitored websites to inform of the use of cookies.

Transparency for your business

Now you know how important it is to adapt your business to the new legislation, right?

Investing time and resources to make the necessary changes may be cheaper than ignoring the regulation.

Besides avoiding fines and keeping a good image in the market, the GDPR is here to show us that the time to rethink the way we deal with something as valuable as the users’ personal data is now.

We know this is a complex subject and many questions may arise. If you have any, just let us know in the comments section!

Our site uses cookies to enhance your browsing experience.