EU Data Protection – What is GDPR?

Kaboompics on fire! Well, not really, but there is a storm coming. The question ‘What is GDPR?’ has been trending in Google for some time now. The new ‘rule’ introduced by the European Union is called the General Data Protection Regulation (GDPR) and concerns the processing of personal data for marketing and sales purposes. The regulation will not only introduce a number of changes to the European countries, it will pretty much influence the entire globe. After all, most of all sorts of the ‘marketing activities’ are dependent on, or go through Europe.

Therefore, it is not really surprising that the announcement of GDPR caused a stir in the marketing world. Anyone who is working with personal data – collecting, storing, sharing, or processing it any other way, has to know what this regulation changes. It will apply to all European Union countries, and in Poland, it will replace our existing law. Many services, such as Kaboompics, and others that have anything to do with data collection, will have to adapt their policies to the new directive. Is there anything to be afraid of?

Why change something that’s already there?

GDPR is the EU’s response to the rapid development of the global network, which enables the smooth flow of the huge amounts of data between servers across the globe. The gap between the reality and crazy visions from the series such as ‘Black Mirror’ or Aldous Huxley’s novel ‘Brave New World’ it smaller than we may think. Our personal data can travel around the world in the blink of an eye, and we may not even realize that. It is therefore highly important to protect it.

Until now, the situation in Europe was quite complicated.

Each European country has its own data protection law, and it is either extremely time-consuming or costly to study at least one of them. Without knowing the law of a given country, we may get into many unpleasant situations. The plan with the GDPR is to normalize the rules concerning data protection so that every customer is properly informed what his or her data will be used for.

To make it simple

In the United States, Canada, and Australia, online privacy laws are fairly uniform, making them much easier to comply with.

For example – you take a picture in Texas knowing that you did not breach any rules while doing so. Now you can use this photo in any other state under the same conditions, no need to check the rules again. While in Europe, the photo you took in Spain could be violating personal data protection policy in, let’s say, Iceland.

– So, wouldn’t it be nice to have one regulation instead of 40 different ones?
– It surely would. And what’s more, it is not as complicated as it seems. There’s nothing to be afraid of!

The GDPR has been drawn up in a way that is not similar to other EU directives – it does not impose ready-made solutions on us.

For example, it doesn’t require us to store our customers’ data 3 meters underground, in an armored safe, on an encrypted disk protected by the brand new military technology. It is more a list of rules. What permissions must be given by our users, what data we can use freely, what data we should not even try to touch, etc. Below you will find some of the most important aspects of this regulation.

[irp]

What do I need to be aware of?

Let us start with the most important and at the same time the most trivial detail – the term.

GDPR takes effect on the 25th of May 2018. It is worthwhile to prepare yourself before that. Improve your knowledge, and properly secure your business.

The best idea is to add a tab to the website explaining for what purpose we use the collected data, how it is processed and how it is protected. Everything should be contained in a simple, accessible form (this is one of the assumptions of the GDPR). Anytime there’s a need for that, you link to your privacy policy tab, so the user can check to what he or she agrees.

And what should be written there?

Well, we must clearly communicate to the recipient that their personal information is safe in our hands (or on our servers) – we clearly state the purpose for which we collect it and we explain as intelligibly as we can our intentions.  Whatever we do with the information, we have to own a proof that our user agreed to it. The more honest you are with your users, the more it will help you in building an amazing online community!

[irp]

What’s most important?

I think that vital information about GDPR is that all the agreements that we already have shall remain valid. Agreements must be rightly collected, though.

This means, that the user knew about the newsletter subscription when signing up. If people share their email because they are offered a bonus (well, a bait!), like an ebook, and they don’t know that they are subscribing to more emails, then base collected in this way is unusable.

Remember that once the law takes effect, we will have to provide more information when offering our users to join the newsletter. As I have already said, the user needs to know what he agrees to. Simple 😉

P.S. If you were cutting corners to get the list of subscribers, then by the end of April your database may become invalid. Make sure it is legal!

Another important rule is the right to be forgotten and the way GDPR touches it. In theory, every citizen can demand that their data be permanently deleted from the web, in practice, if this involves too much effort, be it financial or technical, and especially if it may affect the security of other personal data, no one can order us to interfere with the backup.

As you can see, there is no big threat to fear. What’s more, there are some advantages to this law:

  • No need to add more checkboxes – you do not need to activate your web dev. In fact, GDPR is aimed at the complete elimination of checkboxes, as it will not require consent for the processing of data in the form of a written communication.
  • It will not interfere with the exchange of data with the US
  • It should not be expensive to implement – the truth is that every blogger with some experience and basic knowledge should be able to do it. Even this article can help a little 😉

Summing Up

Internet privacy is essential. In the context of recent events, such as the questioning of the Facebook founder Mark Zuckerberg by the US Congress about the data leakage and misuse, more and more people are becoming aware of the importance of the problem.

The implementation of GDPR will give us greater control over our private information and their use by any parties. Instead of restricting freedoms, the Union has proposed sensible solutions – they do not, of course, guarantee full protection, and require a certain amount of work in their implementation.

[irp]

However, it has to be acknowledged that the EU has taken the subject seriously and did a solid work. Remember though, that nothing is lost on the Internet and you are never fully anonymous – keep an eye on your identity, that is one of the most important things you have!

 

Kaboompics’ translator, editor, content creator, idea generator, marketing alligator. Peculiar are his thinking patterns, but he is a solid writer once he gets to it. “It’s good to finish your Bio with a meaningful quote."