
The EU General Data Protection Regulation (GDPR)

26 July 2017. Written by Iain McShane. Tagged: data security, GDPR

The EU General Data Protection Regulation takes effect from May 25th 2018. And everyone in the world of tech is talking about it.

From May next year, any of your customers can ask that you remove them from all of your data. You have 30 days to do this, or you could face fines of up to 4% of your global turnover.

Piece of cake?

Yeah. We’ll just delete their name from our database. Simple.

That’s a start. But you need to remove everything that could be used to identify that person, which includes their address, postcode, contact details and IP address. So that’s your receipts, invoices, server logs and database backups that you need to trawl through and remove data from. And that’s just the tip of the iceberg. If you’re providing a service you might have credit card or bank details, national insurance numbers, car registrations... They all need to go too.

We use a third party to store our data. That’s their problem.

Nope. Sorry. As the Service Provider (or ‘Data Controller’) it’s your responsibility to make sure those third parties (your ‘processors’) are not only storing your customers’ data securely, but that they also have the ability to fulfil any deletion requests.

But… But… Brexit! We won’t have to worry about it after Brexit.

Well, maybe. But we’ll still need to be able to share data with countries that are still in the EU, and they’ll only do that if we have laws in place to prove that we’re handling their data securely. So the EU GDPR will likely become the UK GDPR when we leave, and you’ll still need to comply.

It doesn’t affect us. We’re based in the USA. It’s only an EU regulation.

Fine. As long as you don’t have any customers in the EU. If it can happen to Google, it can happen to you.

France's data protection watchdog has fined Google €150,000 after the U.S. search engine ignored a three-month ultimatum to bring its practices on tracking and storing user information in line with local law.

http://www.reuters.com/article/us-france-google-fine-idUSBREA0719U20140108

So do you think your current methods of storing and managing data might need an update?

Get in touch to see how we can help keep you compliant.

