General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The GDPR is now in effect, and replaces the 1995 Data Protection Directive (Directive 95/46/EC).

It was adopted on 27 April 2016. It became enforceable on 25 May 2018, after a two-year transition period.

Unlike a directive, it does not require national governments to pass any enabling legislation and so it is directly binding and applicable. 

GDPR Resources:

With GDPR now enforced, it changes the way businesses collect, store and use customer data. 

General Data Protection Regulation (GDPR)

Watch a Video - GDPR: What Is It and How Might It Affect You?

Questions to consider when deciding on how GDPR might affect your Business and Systems:

Are you collecting Personal Data?

If so, what data fields are needed and for what business processes?
Consider that consent is needed for each group of business processes. Example: You provide 3 main services:

  • Track and certify Member data meets industry certification requirements;
  • Ability to pay membership dues and purchase products;
  • Provide and track Member training and education.

Some data elements are needed in each process like First Name and Last Name. Some data elements are needed only for Training, like attendance dates and times or transcripts.

How are you logging Consent? When and how it is given?

In what form is Personal Data being exported or stored outside of your systems?

When someone asks to be deleted, how will you maintain integrity of other records while still deleting the required data?
Example: If a customer requests deletion of their data. The First Name and Last Name can be deleted from the Contact records, but is the Contact record is still required to be linked to past Invoices?

What do you do when that person comes back and allows for data to be stored again. Can you reconcile past records back to the original person?
Example: The Customer returns and wants to purchase a product again. Is their past history recoverable? Do you re-associate past invoices to the returning Customer?

How does the change in consent affect membership in marketing lists and efforts?

Find out the answers to these questions and more by referring to the GDPR Official Website or downloading the GDPR Official Document to make sure your company in GDPR compliant. 

The costs of noncompliance include a fine up to €20 million, or 4% of your company's annual revenue - whichever is greater.

It is crucial for all companies to ensure they are up to date with the new GDPR legistation to avoid incurring privacy breaches and/or debilitating fines. 

GDPR Official Documentation
go to top