The EU General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation takes effect from May 25th 2018. And everyone in the world of tech is talking about it.

From May next year, any of your customers can ask that you remove them from all of your data. You have 30 days to do this, or you could face fines of up to 4% of your global turnover.

Piece of cake?

Yeah. We’ll just delete their name from our database. Simple.

That’s a start. But you need to remove everything that could be used to identify that person, which includes their address, postcode, contact details and IP address. So that’s your receipts, invoices, server logs and database backups that you need to trawl through and remove data from. And that’s just the tip of the iceberg. If you’re providing a service you might have credit card or bank details, national insurance numbers, car registrations... They all need to go too.

We use a third party to store our data. That’s their problem.

Nope. Sorry. As the Service Provider (or ‘Data Controller’) it’s your responsibility to make sure those third parties (your ‘processors’) are not only storing your customers’ data securely, but that they also have the ability to fulfil any deletion requests.

But… But… Brexit! We won’t have to worry about it after Brexit.

Well, maybe. But we’ll still need to be able to share data with countries that are still in the EU, and they’ll only do that if we have laws in place to prove that we’re handling their data securely. The EU GDPR will therefore likely become the UK GDPR when we leave, so you’ll still need to comply.

It doesn’t affect us. We’re based in the USA. It’s only an EU regulation.

Fine. As long as you don’t have any customers in the EU. If it can happen to Google, it can happen to you.

France's data protection watchdog has fined Google €150,000 after the U.S. search engine ignored a three-month ultimatum to bring its practices on tracking and storing user information in line with local law.

http://www.reuters.com/article/us-france-google-fine-idUSBREA0719U20140108

So do you think your current methods of storing and managing data might need an update?

Get in touch to see how we can help keep you compliant.