January 20, 2018
Privacy is a critical right, and customers are correct to demand that their data be protected. At Mixmax, we’re excited about a new data privacy law, the General Data Protection Regulation (GDPR), which goes into effect in May 2018 in the European Union (EU). This law, established by the EU Parliament, gives EU citizens and residents more control over their personal data. Companies — in Europe and all over the world — are working quickly to ensure that they take the proper precautions for keeping customer data private. Here’s a brief overview of the GDPR and what it means for your business.
Please note that this article doesn’t constitute legal advice. If you’re preparing to be compliant with these new regulations, be sure to consult your legal team.
The GDPR defines personal data as any information that can be used to directly or indirectly identify a person, such as a name, photograph, email address, or even an IP address.
The GDPR establishes a common vocabulary for talking about data privacy, and it protects personal data in six ways.
The data subject is the individual whose personal data is being protected by the GDPR. For example, when you create an online account, you are the data subject. The organization with which you create the online account is the data controller — the person or agency who determines the purposes and means of processing your personal data. Your personal data may also be handled by a data processor — a person or agency who processes personal data on behalf of the controller.
Under the GDPR, personal data is protected in six key ways:
Under the new law, if an organization doesn’t protect its EU customers’ personal data, the penalty is severe: it could be fined 4% of global revenue, or 20 million Euros ($24 million USD), whichever is greater. And it could be prevented from working with customer data until it brings its operation into compliance.
The GDPR protects the rights of EU citizens and residents. But even if you’re not in Europe, you’ll feel the effects. As a customer, you use many online products and services that also serve European customers, so those products and services must be made GDPR-compliant. In your work life, your organization may have EU customers, so your own products and services will need to comply. Or, your organization may have customers who have customers in the EU — in which case you’re a data processor for a company with EU customers.