Guides to the GDPR jungle

Does your organisation comply with the new data protection rules? It can seem like quite a jungle of rules and regulations to navigate. But nonetheless, we all must consider how we collect and handle the data of our customers, partners and others.

As part of our April theme “Data & IOT” we’ve collected a variety of online guides, tips & tricks to help you navigate the land of GDPR. But first, let’s look at the basics of GDPR.

What is the GDPR?

First, let’s look at the background of the EU General Data Protection Regulation (GDPR).

This is the culmination of four years of efforts to update data protection for the 21st century. People regularly grant permissions to use their personal information for a variety of reasons in exchange for ‘free’ services.

  • GDPR seeks to give people more control over how organisations use their data, and introduces hefty penalties for organisations that fail to comply with the rules, and for those that suffer data breaches.
  • It also ensures that data protection law is almost identical across the EU.

When inviting contacts to events, sending out newsletters, gaining permission to contact potential customers etc., you must keep GDPR in mind.

Why was the GDPR drafted?

There are two main factors behind the introduction of GDPR. The biggest one is the EU’s desire to bring data protection law in line with how people’s data is being used, especially considering that companies like Amazon, Google, Twitter and Facebook offer their services for free, as long as people hand their data to these tech giants. The dangers of granting such vast permissions are obvious in a massive case such as the Cambridge Analytica scandal, where 50 million Facebook profiles were harvested to influence the 2016 US election.

The internet and the cloud have until now allowed organisations to invent numerous methods to use (and abuse) people’s data, and GDPR aims to rectify this.

The second driver is the EU’s desire to give organisations more clarity over the legal environment that dictates how they can behave. By making data protection law identical throughout member states, the EU believes this will collectively save companies €2.3 billion annually.

What does it mean for your company?

Collecting and handling data according to the GDPR standards might already be part of your processes, as the main parts of the regulation have been in force for the past years. Nevertheless, implementing unplanned, last-minute add-ons to your systems risks being rigid and working against design, convenience and customer experience.

You might need to review your internal processes for collecting, using and storing user data, as users now have the right to transparency and the rights to object to, modify and delete their data, along with the right to limit its use. Also reconsider to what extent you need the personal data at all. Only collect what you need, and consider for what time frame you need it.

Allocate internal resources to go through your processes and to define new processes for sharing information and collecting data. You might need to consider how to get updated permission from your current users, and how to collect future permissions without requiring a law degree of either the user or the colleague using the data – make it strategic and convenient.

Below you will find a collection of articles we find very useful on the subject, as well as a collection of Danish articles from Dahl Accounting. They can also assist in reviewing your company’s use of personal data and advise on the implementation of GDPR.

Articles & guides:

Legal framework & tips (i.e. in Danish)