GDPR is undoubtedly the most talked-about topic this year. The EU General Data Protection Regulation (GDPR) is cited as ‘the most important change in data privacy regulation in 20 years’ and comes into effect on May 25th, 2018.
GDPR applies to all companies processing the personal data of individuals living in the EU (regardless of the company’s location), and as such this change affects almost everyone in some way. Unless you restrict your business activities to processing data covered by the Law Enforcement Directive, or for national security purposes, then GDPR applies to you.
Despite ambiguity in its interpretation which continues to drive headlines and scaremongering stories in the press, one thing is clear – the purpose of the new Directive:
“To harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy”.
Put simply, it is there to protect people from privacy and data breaches in an increasingly data-driven world. The previous Directive from 1995 was simply outdated and ineffective. The desire to unify privacy laws and fundamentally change how companies view and use data is key. While it may not be simple – we think it represents positive change for many businesses.
Our clients comprise HR and Client Services professionals as well as business owners. All have a duty to manage and protect the data that their organisation owns and uses in its day-to-day running. This includes the data shared in the context of gathering feedback with technology like ours.
Why did we write this?
We want to help our clients understand how we ensure they stay compliant with GDPR. We’ve picked out the key parts of the new Directive and explained how they work in the context of your feedback programmes. We want to make it as simple as possible for you to understand your responsibilities and stay compliant. A lot of the changes required are small but are designed to show that businesses are building data processes with privacy considerations firmly at their core (referred to as ‘Privacy by Design’).
Disclaimer: If you have read up on GDPR or had internal training on it, you may have noticed that interpretations can differ. There’s a large sense of uncertainty even among the experts in this field. Please remember this article is provided as guidance only and should not form the basis of any decisions without you first seeking professional legal advice. If you want to read more about GDPR, see the Information Commissioner’s Office guidance.
It’s serious stuff – penalties can be large for both processors and controllers.
Under GDPR, companies caught breaching the rules can be fined up to 4% of annual global turnover or €20 million (whichever is greater). Thus, awareness and compliance are critical. This is the maximum for the most serious infringements, and there is a tiered approach to fines: for example, a company can be fined 2% simply for not having its records in order.
Read more about the key changes affecting your feedback surveys with The Happiness Index:
If you have any questions about GDPR and are a client of The Happiness Index, please contact your account manager.