The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It provides individuals with new rights in relation to how your personal data is collected, used and stored and provides new rules for organisations on how to handle personal data.
Save the date! GDPR comes into effect on 25 May 2018.
So what does Personal Data actually mean?
Personal data means data which relates to a living individual and can be used to identify that specific individual, including any expression of opinion about the individual.
Without any of the legal jargon, personal information essentially refers to things like your:
- Email address
- IP address
- Location data
Any data that has been anonymised or aggregated will not constitute personal data.
GDPR classifies two different types of personal data. There is personal data (the type of data shown above) and sensitive personal data, which includes things like:
- Religious beliefs
- Political views
- Sexual orientation
- Health data
- Biometric data
- Genetic data
What makes sensitive personal data special is that it requires businesses to obtain explicit consent from the customer; in other words, customers have to actively ‘opt-in’ to share their personal data. Gone, finally, are the days of the pre-ticked box for obtaining consent.
Ok, but why is this a big deal?
In this section, we'll talk about individuals and companies separately.
GDPR aims to give power back to you and let you have more control over your data. GDPR gives you some new rights and builds on some old rights in relation to your data, such as:
Right to erasure - also known as the ‘right to be forgotten’. The GDPR introduces a right for individuals to have personal data erased. The devil is in the details though, as this right is not absolute and only applies in certain circumstances.
Right to data portability - The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
Taking the legal jargon out again, this right is like a 'U-Switch' for your data. It allows you to instruct a company to take all your data and send it elsewhere, for example when you switch phone networks without changing your number.
Right to be informed - Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR. In case you haven't already read them, the emails you’ve been receiving from various companies about your data are partly a result of this right.
GDPR introduces a duty on companies to appoint a Data Protection Officer (DPO). The DPO has a number of important responsibilities including:
- monitoring compliance with the GDPR and other data protection laws;
- raising awareness of data protection issues, training staff and conducting internal audits; and
- cooperating with supervisory authorities such as the ICO on the company's behalf.
The GDPR means that all organisations now have to report certain types of personal data breaches to the relevant authority. Once a company becomes aware of a breach, it has a responsibility to report it within 72 hours. If it looks like the breach will adversely affect individuals’ rights and freedoms (for example, a person could be at risk of identity theft), the company also has to inform those affected as soon as possible; otherwise it could find itself in some serious hot water with both the regulator and its own customer base!
And now for the juicy part - being in serious breach of GDPR can result in a fine of up to 20 million euros or 4 percent of your global turnover.
What is B3 doing about GDPR?
We’re trying to be as transparent as possible as we know how much you value your data. By allowing us to use it, we can create a more bespoke offering for you, which will hopefully allow you to get even more value from the B3 services.
Companies using the B3 package will receive an update in the dashboard of each of their customers. Here your customer will be able to opt in or out of marketing emails and marketing pushes whenever they want and request to delete their account.
So that we’re clear, B3 promises you that we will:
✅ Always keep your data safe and private.
✅ Never sell your data.
✅ Allow your customers to manage and review their marketing choices at any time.
We understand that our compliance with GDPR is critical for your business. We are making every effort to ensure your customer data stays safe, while also being mindful about keeping things simple for developers. We will continue to share regular updates about upcoming changes. If you have specific questions about our GDPR readiness roadmap, write to us at firstname.lastname@example.org
Disclaimer: None of the content above is legal advice. Please seek legal counsel for specific recommendations related to GDPR compliance.