The General Data Protection Regulation (GDPR) triggers the most significant changes to EU data privacy regulation in two decades! It is essential for businesses and individuals to be prepared for greater control over how personal data is used and what this will mean for collecting data via online surveys. We have put together some essential, easy-to-follow information to help make sure you are GDPR compliant when conducting research…
GDPR Compliance – One year to go
The GDPR will come into force on May 25th 2018, so what does this mean? Firstly, don’t mistakenly believe that this new set of rules won’t apply because the UK is leaving Europe, as this simply is not true! Because the GDPR is a regulation, not a directive, the UK does not need to draw up new legislation. Instead, it will apply automatically next May to any business that handles the personal data of European citizens – and that includes your employees. So, it’s time to start planning!
What is GDPR?
Currently, the UK relies on the Data Protection Act 1998, which is a great starting point to build from as this will be superseded by the new rules, with a few changes. The GDPR will give individuals more say over what organisations can do with their data, with strict fines for non-compliance and breaches. Some areas will have more relevance to organisations than others, so it is useful to map out what is going to have the greatest impact on your business.
Does GDPR apply to your business?
If you are collecting data for business or research purposes from EU citizens then GDPR applies to you, even if you are based in a country outside the EU. You will need to be prepared for greater control over how personal data is used and what this means for collecting data via online surveys.
So, if you collect data, start by asking the question – are you planning to do everything you can to be GDPR compliant? It is a good idea to start planning your GDPR compliance journey now by building data protection into everything you do, including using a software supplier based in the UK who has secure data storage and security measures in place.
Obligations of data controllers and processors under GDPR:
- The Controller – determines how and why personal data is processed
- The Processor – handles the processing of the data
The controller could be any commercial business, charity or government department and a processor could be any service provider. Both, however, need to abide by the GDPR.
Why was the GDPR drafted?
The drivers behind the GDPR are twofold:
- To give people more control over how their personal data is used. By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the ever-evolving digital economy.
- Secondly, to provide one coherent set of rules that will form a level playing field for businesses to operate in and make data protection law equal throughout Europe.
With security breaches regularly in the news, such as the cyber-attack on NHS computers, TalkTalk’s security failings and the world’s largest cyber-attack affecting Yahoo accounts, data security is at the forefront of everybody’s minds. It is essential to take a broad approach to protecting all information assets by taking every precaution to safeguard company systems and processes. Having a strong data protection policy forms the central pillar of good operational data security for any business. The GDPR, in turn, will reinforce the basic rights of individuals: that data will only be used for the reason it was collected, will be guarded safely and will be deleted at an appropriate time.
5 reasons GDPR compliance for data collection is important
- Breaching GDPR can result in strict fines.
- Prevent reputational harm to your brand.
- To take advantage of cost savings when collecting data from new markets.
- To generate value from stored data by removing old records.
- Streamline data protection rules to avoid room for error.
Consequences of not being GDPR compliant
Penalties for non-compliance with GDPR will be applicable to both data controllers and processors and will depend on certain factors, including:
- Duration of the infringement
- Quantity of the data subjects affected
- Level of impact
There will be strict penalties for serious violation of the regulations!
Tips for preparing for GDPR
- Plan for GDPR well ahead of time
- Invest in solutions that will help you fulfil all compliance regulations
- Start now by auditing the changes you need to make
Safe and secure data storage is essential, so don’t waste any time in making sure you beat the deadline for GDPR compliance. SmartSurvey offers compliant data collection software and storage facilities, and signing up or switching is easy. If you collect data for your organisation, get in touch to find out more.