What, Exactly, Is GDPR And Why Does it Matter for B2B Outbound Sales?
On May 25, 2018, the new rules for the processing of data of EU citizens came into force. GDPR (General Data Protection Regulation) is a regulation for companies that collect and process data from users in the European Union on the Internet. The new decree aims to increase the level of protection and give citizens control over their data. In this article, we cover the specifics of the current data processing rules. Let’s take a closer look at the General Data Protection Regulation’s core provisions.
One of the most important principles of the GDPR is the extraterritoriality of the new rules for the processing of personal data. Companies operating in the EU or gathering data from EU citizens in the course of their operations must comply with the GDPR standards, which also apply to companies outside the EU. An organization that breaks the rules will have to pay a fine: for violation of the Regulation, the company will have to pay up to 20 million euros or 4% of annual income.
What is personal data according to the GDPR?
Any information that can be used to identify an entity (the data subject) is considered personal data: for example, last name and first name, address, identification code, and so on. The definition of personal data is so broad that even an IP address can be considered personal data.
Extraterritorial principle of the GDPR
This principle applies to any company, regardless of location, that receives and processes the personal data of EU citizens (and residents). A business in Ukraine, for example, can provide services or sell products to EU citizens. Moreover, the company’s website is presented in the languages of the EU countries, on the national top-level domains of these countries (for example, “be” or “de”), and settlements are made in local currency. On the territory of the EU itself, the company does not carry out any operations or actions. Does this company have to comply with the GDPR requirements? Of course, because goods or services are offered in the languages of EU residents; payment is made in local currency; and goods or services are offered on the country code top-level domains of the EU countries. As a result, all businesses that deal with Europeans’ personal data (for example, online ticket sales, hotel reservations, data centers, launching targeted ads, and so on) are subject to GDPR rules and must follow them.
What to do to become GDPR Compliant?
- Inform all employees about the GDPR.
- Check the data flows and work with the knowledge you have. It is easier to remove obsolete information than to accumulate redundant data. Your counterparties must also be ready for the GDPR’s implementation and compliance with the Regulation’s provisions.
- Make sure the data can be viewed, modified, and deleted. When users delete their data, it should also be removed from anyone with whom it was shared or who had access to it.
- Determine how the organization can respond to requests for personal information from users.
- Obtain clear consent from users for the collection of their information. Record when and under what conditions this consent was obtained.
- Prohibit the use of your service for children from the EU under the age of 16.
- Provide a protocol for communicating information about an infringement to users and the relevant EU agencies.
- Protect your data from theft.
- To avoid conflicts of interest, appoint a data protection officer.
- Take into consideration the possibility of having to respond to user inquiries in all official EU languages.
GDPR is the most relevant statutory document that greatly improves the security of personal data in the EU and beyond. It necessitates meticulous research and observation. The reform clarifies and harmonizes the laws that must be followed in the field of data security.
It also re-establishes customer confidence, enabling companies to take advantage of the single European digital economy. The collection, processing, and transfer of personal data around the world have become extremely profitable. Personal data is, of course, the new economy’s “currency.” And, if you collect user data in any way, you must keep a close eye on it to prevent leaks and potential third-party abuse.
Originally published 2021.04.19