Facebook’s issues with data privacy seem to be dominating the news cycle right now. The social media giant finds itself in hot water for allowing companies like Cambridge Analytica to harvest the data of millions of its users to be employed for what many have described as “undemocratic processes.” But if a company that big can get into trouble with data compliance, then surely there is a pass for much smaller businesses with fewer resources. And, even with the GDPR coming into force this May, in the light of the Facebook data issues, is anyone even going to care if smaller businesses are not GDPR compliant?
A key moment for data protection
The short answer to this is “yes.” Apart from anything else, the GDPR brings with it fines that have the potential to be so eye-wateringly large that not complying with the GDPR could be devastating for a business (think €20 million, or 4% of annual global turnover). And then there are your customers. If your business doesn’t hit the mark with the GDPR requirements, it’s not just a matter of compliance; it will also have a very real impact on customer experience. That’s because the GDPR has been designed to completely overhaul the way businesses treat consumer data – and those organisations that don’t comply are effectively depriving their customers of key new rights.
Rights for consumers under the GDPR
The right to consent. With the arrival of the GDPR, businesses now need a much more tangible and complex form of consent from consumers when it comes to their data. The new rules on consent require specific, informed and unambiguous consent that has been given by affirmative action and not extracted via something like a pre-ticked box.
The right to access. Individuals can request access to the data that your business holds on them – as well as an electronic copy of that data provided free of charge. If you’re not complying with these transparency provisions of the GDPR then your customers’ access rights are being blocked.
The right to privacy. Data privacy has been an afterthought for many organisations, but the GDPR looks to refocus that. Now, privacy by design requires that data security and protection are integrated into products and services from creation onwards. If you’re not complying with that focus then your customers lose out.
The right to be forgotten. Effectively, an individual may contact you to request that all the data that you have on them be deleted without delay. There are some carve-outs here, such as public interest, but on the whole GDPR compliance will require businesses to create the means to enable this – and it’s something many customers will be keen to take advantage of.
The right to be told about a breach. The new timeframe for this is 72 hours if there is a data breach that could result in risk to your customers’ rights and freedoms.
These are just some of the rights under the GDPR that have created new expectations in consumers. So, if you do end up like Facebook with data protection problems, it could be more than your reputation that you lose. Find out how to better protect your data, and your customers’ interests, from our expert team.