GDPR (the General Data Protection Regulation) has been a time-consuming learning curve for many of us.
For me it felt like a tedious school project that I had a year to write. Many people, myself included, were struggling to interpret some of the details of the regulation.
The regulation itself is a nightmare to read. It runs to over 250 pages, with 99 main provisions ("Articles") and 173 supplementary "Recitals". To make sure the basics were covered, we took note of the following.
The five GDPR basics I needed to know were:
- It applies to anyone who processes "personal data" — any information relating to an identified or identifiable natural person. Most obviously that means names, email addresses and other "personally identifiable information", but it also covers online identifiers such as IP addresses and cookie IDs;
- It creates significant new responsibilities — If you process personal data, you are accountable for its security and for the way it is used, and you must be able to demonstrate that accountability, not just assert it;
- It has a global reach — It is an EU law, but it applies to organisations outside the EU if they offer goods or services to people in the EU or monitor their behaviour, regardless of where the organisation is located;
- It doesn't just apply to traditional businesses — The principles are concerned with what you do with other people's data, not who you are or why you do it;
- There are eye-watering fines for non-compliance — up to €20 million (around $24m at the time of writing) or 4% of annual worldwide turnover, whichever is higher.
Beyond that, we had to consider where and how long data is stored, IP addresses, email, social media, third-party sites, cookies, Google Analytics, customer reviews, disclosures and much more.
The most important step was updating our policies so that they describe, as far as possible, how we actually protect the personal data we hold, and then making sure we implement what those policies say.
Well, I finally got there, and can now concentrate on the business rather than pulling my hair out in frustration trying to understand the jargon needed to comply. PHEW!!!