Europe’s new General Data Protection Regulation (GDPR) has 99 articles establishing new data privacy laws for organisations and individuals.
The GDPR not only affects companies operating in Europe, but also any company with European customers; that’s the point when we stopped deleting GDPR articles and took note!
So, contrary to the title of this article…GDPR: do us Kiwis have a problem?
What is the GDPR?
The GDPR is Europe’s new framework for data protection laws. Designed to give individuals greater protection over the use of their personal details, the new laws have also been implemented to ‘harmonise’ data privacy laws across Europe.
Even though it’s been planned for the past two years, we’ve all recently been subject to the barrage of emails from the Brits as they scrambled to send out their data protection updates before the new laws were implemented on the 25th May.
The GDPR states that companies have to clearly document how and why they hold personal details for their customers and prospects, and provides extra regulations over how these details are collected and processed.
There are 99 articles outlining the laws of the GDPR (get the title now?) but here are some of the main points to consider:
- A ‘double opt-in’ process is now a requirement for any prospects signing up to receive communications, such as marketing updates, from your company.
- Your website must give users a clear understanding of how personal details may be used.
- Cookie policies will need to change – you’ll now need to offer an option for users to opt out of consenting to cookies (as well as the standard opt-in pop-up).
Remember, ‘personal data’ applies not just to names and contact details, but also to photos, IP addresses, social media posts and even pseudonyms!
Companies failing to comply can face penalties of up to $20 million.
The laws have been put in place not just for companies but to give consumers more rights over their personal details. Consumers now have the ‘right to be forgotten’, where they can request that all of their details be erased from your company’s database. They can also request access to their data, which must be provided free of charge within 30 days.
How does it affect us Kiwis?
Any company operating in Europe or with European customers needs to be GDPR compliant. So if you’ve got customers or prospects in Europe who you market to, you’ll need to check out the full 99 articles here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations_en to make sure you are GDPR ready.
For additional resources about the impact of GDPR in New Zealand, visit: https://www.privacy.org.nz/privacy-for-agencies/gdpr-resources/