The new General Data Protection Regulation (GDPR) regulates the personal data that companies keep.
The new law enters into force on May 25, 2018.
In Spain, the GDPR replaces the Organic Law on the Protection of Personal Data (LOPD).
At DigitalMakers we are NOT experts in laws and regulations. But like any other company that manages personal data, we are informing ourselves, and what our legal advisors tell us is that the new law focuses on regulating the personal data that a company collects, so that the person who gives the data must explicitly authorize the transfer of data for a specific purpose.
If, as a DigitalMakers client company, you have doubts about what actions to take to comply with the new regulation, at DigitalMakers we recommend that you contact a company specialized in data protection. If you wish, we can recommend the ones we are starting to work with.
These companies specialized in data protection usually make a complete study of all the company’s processes in which personal data are managed. From this study they produce a report (GAP Analysis) detailing all the actions necessary to adapt the company’s processes to the new regulation, from the moment in which the data is collected and the person giving the data authorizes its use, until the use by the company ends, going through how these data are guarded by means. Ideally, our clients inform DigitalMakers of the regulatory actions that affect the corporate digital ecosystem so that DigitalMakers can apply them.
DigitalMakers will not be able to process personal data (for example, mailing subscribers, guests at an event, etc.) that are not properly regularized.
Each company is responsible for carrying out the actions it deems appropriate to comply with the GDPR.
This regulation affects ALL the processes in which the company handles personal data, whether from customers, employees or suppliers. Some examples of processes where personal data are managed: a business loyalty card; when an email address is given in order to be informed of promotions; when someone transfers personal data through a SmartWatch that records keystrokes, location, etc.; when an app collects the GPS location of its user; when a website using tools such as Google Analytics records IP addresses or other personal data; when an employee gives their personal telephone number; when an employee appears on the company’s social networks, etc.
The company must:
- Record the When, the How and the What. That is, if a client gives their email address to receive an article from a blog, the company to which the information has been transferred must record the date and time at which the personal data was saved, the channel through which it arrived (web form, etc.), and the exact text that was accepted.
- Inform the person, at the time of the transfer, of the terms and conditions for the custody of these personal data. Among other parameters, the person should be informed of the purpose for which the data will be used, where they will be kept or for how long.
- Provide at all times the possibility for the person who gave the data to revoke the transfer, through the same channel and for the same purpose for which the data were transferred.
Viewed constructively, the GDPR can be an opportunity to review and improve all of the company’s processes, while also assessing whether to apply a digital factor, so that the client perceives more value and the company can obtain a competitive advantage.
If you want more information, please do not hesitate to contact us; we will be happy to assist you.
If this article has been useful to you, we encourage you to subscribe to our blog specialized in helping SMEs in their processes of digital transformation, digital marketing and web development.