GDPR Explained In 5 Minutes: Everything You Need to Know

GDPR stands for General Data Protection Regulation. It’s a game-changing data privacy law set out by the EU, and has been enforceable since May 25th, 2018.

But don’t be fooled by the law emanating from the European Union. Your company being based in the US or elsewhere won’t save it from the (rather hefty) penalties that the EU has promised to impose should a brand fall short of GDPR compliance when dealing with EU citizen data.

So, now that you know why everybody is freaking out over GDPR, let’s dig a little deeper.

Key takeaways

  • GDPR is a data privacy law issued by the EU with the goal of aligning data protection protocols and increasing individual protection. It went into effect on May 25, 2018 and compels businesses to provide greater transparency and control over data collection and use.
  • The GDPR compliance criteria include getting users' unambiguous and freely given consent, timely breach reporting, the right to access and delete data, data portability, building systems with suitable security standards, and maybe employing a data protection officer.
  • Noncompliance with GDPR can result in significant fines of up to €20 million or 4% of the infringing organization's annual sales, as well as reputational harm.
  • GDPR set a new standard of openness in data collection and utilisation.   
  • GDPR compliance offers businesses the opportunity to build trust and confidence among their customers. Companies should embrace GDPR as a good force for defending consumer data rights in a connected world.

In a hurry? Here’s what you’ll find in this article:

    What is General Data Protection Regulation (GDPR)?

    GDPR is a long list of regulations for the handling of consumer data.

    The goal of this new legislation is to help align existing data protection protocols all while increasing the levels of protection for individuals. It’s been in negotiation for over four years, but the actual regulations will come into effect starting May 25th, 2018.

    All of the reforms going into effect are designed to help customers gain a greater level of control over their data, while offering more transparency throughout the data collection and use process.

    These new laws will help to bring existing legislation up to par with the connected digital age we live in. Since data collection is such a normal and integral aspect of our lives both on a personal and business level it helps to set the standard for data-related laws moving forward.

    Put simply, GDPR is a regulation that you’ll want to take seriously. Below we dive into what this regulation is, the demands of the legislation and how it could impact your day-to-day business.

    GDPR requirements: How to be GDPR compliant

    Let’s be frank, GDPR compliance is something that the biggest companies in the world are currently grappling with, and will likely grapple with up until the deadline on May 25th, 2018 (and maybe even beyond).

    Even if we distill GDPR compliance down to the basics, there are a lot of requirements you’ll have to implement to make sure you’re in line. Here’s what you should start thinking about:

    How to be GDPR Compliant

    1. Obtaining consent

    Your terms of consent must be clear. This means that you can’t stuff your terms and conditions with complex language designed to confuse your users. Consent must be easily given and freely withdrawn at any time.

    2. Timely breach notification

    If a security breach occurs, you have 72 hours to report the data breach to both your customers and any data controllers, if your company is large enough to require a GDPR data controller. Failure to report breaches within this timeframe will lead to fines.

    3. Right to data access

    If your users request their existing data profile, you must be able to serve them with a fully detailed and free electronic copy of the data you’ve collected about them. This report must also include the various ways you’re using their information.

    4. Right to be forgotten

    Also known as the right to data deletion, once the original purpose or use of the customer data has been realized, your customers have the right to request that you totally erase their personal data.

    5. Data portability

    This gives users rights to their own data. They must be able to obtain their data from you and reuse that same data in different environments outside of your company.

    6. Privacy by design

    This section of GDPR requires companies to design their systems with the proper security protocols in place from the start. Failure to design your systems of data collection the right way will result in a fine.

    7. Potential data protection officers

    In some cases, your company may need to appoint a data protection officer (DPO). Whether or not you need an officer depends upon the size of your company and at what level you currently process and collect data.

    What happens if you aren’t GDPR compliant?

    Failure to comply with GDPR can result in some pretty hefty fines. The fines will range from €20million, or up to 4 percent of the offending organization’s annual revenue — whichever is greater. Now that’s a serious fine.

    For lesser offences, the fine will be halved to €10million, or up to 2 percent of the offending organization’s annual revenue — again, whichever is greater.

    (Finger’s crossed your company is compliant)The higher level fines will be reserved for cases in which data infringement occurs, procedures for handling data aren’t in place, an unauthorized transfer of data occurs, or requests are ignored for customer data access.

    The lower level fines still apply to the misuse of data, but on a minor scale. For example, failing to report a data breach, failing to notify your customers about the recent breach, or failing to administer the correct data protection protocols.

    The extent of the fines your company will receive depends upon how severe the breach is, and the compliance actions you’ve taken as a result of the breach. 

    How GDPR impacts your businesses

    GDPR will bring about a new level of transparency into data collection, storage and usage. If your company is traditionally secretive about its data, you’ll need to make a very dramatic turnaround in line with the seven points above — as well as all the other minutiae.

    For most companies, GDPR will create the need for greater compliance spending. Both in ensuring your operational processes are up to the latest standards, but also ensuring your existing technology is designed and optimized to the latest protocols. Plus, some companies and organizations will have to hire a compliance officer to help monitor and manage any data collection campaigns.

    However, these additional expenses shouldn’t be solely viewed as an expense. Instead, it can be classified as an investment that’ll help to inspire trust and confidence in the eyes of your customers.

    Companies that abuse data privileges will start to be viewed less and less trustworthy in the eyes of the public — particularly if they’re hit with those profit margin-busting fines. On the flip side, the companies that value access and use of their customer's data and treat it as a privilege, instead of a right, will help to solidify themselves as trustworthy businesses into the future.
    Does GDPR Affect Your Company?

    Don’t resist GDPR; embrace it

    GDPR is a complex topic, and although this article will help you to grasp the basics, you and your legal team will need to go through the legislation with a fine-toothed comb.

    But the verdict is pretty clear from the offset: GDPR is an aggressive swing in the face of data abuse, and it puts all the power in the hands of the citizen when it comes to their data. Thus, there’s only a handful of organizations on earth with interests in the EU that don't need to make some changes.

    And yet, it’s important to view these as a way to better protect your customers, and improve your own internal customer data handling procedures. To make GDPR an easier pill to swallow, view it was a positive force that has come to safeguard consumer data rights in our increasingly accessible world. And just as it protects the consumer, it also protects organizations from overstepping their boundaries.

    As such, these new laws are completely necessary, even if they require a bit of an adjustment period upfront.

    How are your GDPR preparations coming along? Let us know in the comments section below!

    Want to see how high-growth companies use Core dna’s all-in-one content management platform? Let’s chat.

    Our analytics module allows you to capture information about customers and prospects, providing detailed information regarding how they find, interact with and eventually leave your site, helping you determine whether or not your goals and objectives are being reached.

    Of course! We pride ourselves on being more than just a software vendor. We partner with brands and agencies by providing technical support, digital strategy consulting and more. Core dna originated from an agency and has the professionals to provide insights into the platform, help with the strategy, implementation of the platform and the experts to help with solving onboarding and ongoing questions.

    Yes, we do. Our ability to support multiple brands and site instances (by geography, market, etc.) on one platform and access all data in a unified dashboard is one of the features that makes us attractive to multi-brand manufacturers and retailers. For more information about our multi-site feature, click here.

    Core dna is a decoupled platform, meaning we have headless content management built-in, but we also give you the front-end tools you need to present your content to your end-user.

    Sam Saltis
    Sam Saltis

    An entrepreneur at heart with over 20+ years of experience in building internet software, growing online companies and managing product development.

    Loves all things SaaS, technology, and startups.

    You can find him feeding his beloved fish when he's back in Australia.

    Previous PostB2B eCommerce Guide, Strategies and Best Practices
    Next PostD2C Benefits: Here's Why Manufacturers Are Going D2C