What is GDPR?
The General Data Protection Regulation (GDPR) is a new internet privacy regulation that took effect on May 25, 2018. Put simply, businesses located in or selling to Europeans are required to adhere to new regulations that give internet users access to their data (among other rights). If they don’t, they’ll be charged with hefty fines.
How do I make sure my business is compliant to these new regulations?
Following the new regulations is much like going through a hoarder’s pile of junk. The difference is, following the GDPR is mandatory. To start, take inventory of all the data you have, organize it, and decide what data you need to keep and what you need to “shred.” Next, establish a data storage system. Establish a system for all future incoming data as well (how it will be processed, stored, etc.) Update all policies, consent forms, and other documentation according to the new regulations. (Consult a lawyer if necessary.) And establish a course of action in case a client contacts you and either requests access to their data or asks you to erase their data from your system.
For more details about GDPR and how it affects your business specifically, visit the European Commission website.