Overview of the GDPR

7th August, 2017


Data protection is not a new topic, but it is one that is often overlooked. The General Data Protection Regulation (GDPR) brings a new set of rules and obligations to the modern day. The GDPR Superheroes have come together to identify the topics that the Salesforce community should be aware of and put them into easy to understand terms.

We will be analysing these topics and providing best practice in the run-up to the GDPR coming into effect. Check back for updates and follow us on Twitter to be the first to know!

– The GDPR Superheroes

Timeline

It is incredible to think that the last major overhaul of European data privacy legislation occurred almost 20 years ago. Since then, the world has seen enormous technological change.

The Data Protection Act 1998 (DPA), which implemented the EU Data Protection Directive (95/46/EC) in the UK and replaced the earlier 1984 Act, was revolutionary. It established the legal right of an individual to control information about themselves in a comprehensive form. The DPA is still the Act in force overseeing the use of personal data, though it has been bent into many odd shapes through amendments.

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), which implemented the EU ePrivacy Directive, were brought in to overhaul the marketing aspects of the DPA. They address unsolicited electronic marketing, including automated and recorded phone calls, faxes, emails and text messages, and they have been widened over the years (for example to cookies) as the internet and technology have grown.

Along the way came the iPhone in 2007, arguably the first true smartphone, putting the power of the internet in your hand, wherever you are.

The General Data Protection Regulation (GDPR), which we go into in more detail below, was adopted in 2016 after years of drafting and is now in its implementation phase, ahead of becoming enforceable on 25 May 2018.

It is remarkable that, since the release of the iPhone, it has still taken 10 years for a major change in regulation!

The Bottom Line

What does GDPR stand for?
The General Data Protection Regulation

When does it come into effect? 
May 25th 2018

What about Brexit?
The GDPR will come into effect before the UK leaves the European Union. In addition, the Department for Digital, Culture, Media & Sport has now announced a Data Protection Bill that will carry the GDPR's requirements into UK law.

Who does it affect? 
The GDPR applies to any organisation established in the EU that retains, processes or profiles personal data, and to any organisation outside the EU that offers goods or services to, or monitors the behaviour of, individuals in the EU (Article 3). Note that the test is where the individuals are, not their citizenship, so a UK or US company holding data on people in the EU is in scope.

What is the penalty for non-compliance?
The most serious infringements (for example breaching the core principles, the conditions for consent or the rights of Data Subjects) carry fines of up to €20 million or 4% of worldwide annual turnover, whichever is greater. A lower tier, for infringements such as failing to keep processing records or to report a breach, carries fines of up to €10 million or 2% of worldwide annual turnover (Article 83).

Four Areas of Focus

In order to make this information a bit more digestible, we have broken down our overview into 4 specific areas.

Awareness
The foundation of the GDPR is built around the idea that your customers have "the right to be informed." At the point you collect personal data you must tell the Data Subject who you are, why you are collecting the data and on what lawful basis, how long you will keep it, who it will be shared with and what rights they have (Articles 13 and 14). That transparency only works if your own business is aware of what personal data it holds, where it lives and who has access to it, so an internal data inventory is the practical starting point.

Consent
The GDPR not only reinforces the need to collect consent when processing the personal data an individual provides, but strengthens it to a level we have not seen before. Consent must be freely given, specific, informed and unambiguous, given by a clear affirmative action (so pre-ticked boxes and silence do not count), and as easy to withdraw as it was to give (Article 7). Generally when thinking about consent, it is whether or not an individual is subscribed to receive a newsletter or other marketing material. In the case of the GDPR, it is much more than that: consent is only one of the lawful bases for processing, and you must be able to demonstrate that it was obtained.

Control
The GDPR does a great job of putting power back into the hands of the Data Subject. While this is great for the Data Subject, it will be the largest operational impact that the GDPR has on your business. It requires you to minimise the data you collect to what is necessary for your stated purpose, and it gives the Data Subject rights of access, rectification, erasure, restriction, portability and objection (Articles 15 to 21), each of which you must be able to fulfil, usually within one month of the request.

Responsibility
The GDPR places direct legal obligations on Data Processors (organisations that process data on behalf of another organisation, e.g. a SaaS company) alongside the Data Controller (your business). This means that both you and your service provider are responsible for taking action and protecting your customers: the relationship must be governed by a written contract (Article 28), the processor must implement appropriate security measures and notify you of breaches, and both parties can be fined for their own failures.

Check out our breakdowns for further exploration into each of these areas.


If you have any questions, or would like to contribute content, please email us at info@gdprsuperheroes.com! 

About the Author

Stephan Garcia

Stephan's experience in data protection stems from early exposure to HIPAA in the medical space. Over the last 5 years, he has shifted his focus onto the Salesforce.com platform. Combining his experience of CRM and data compliance, he feels right at home when talking about the GDPR.