Hi, I’m Ben and today I’m going to talk about the General Data Protection Regulation or GDPR.
Stay with me.
It’s something that every business needs to be across right now. And if you don’t think you’ve heard about it yet, I’m sure you have.
It’s in response to GDPR, which comes into effect on the 25th of May this year.
So what is it?
GDPR is a set of regulations that standardises data protection and online privacy regulation across the EU, and has implications for businesses around the world.
The law overall is pretty complex, but it comes down to six key concepts.
- Transparency: Organisations have to be transparent in how they’ll use people’s data. Whether it’s contact info, IP address, or credit card numbers.
- Limited use: Organisations are limited in how they can use data to what they explicitly state, and can’t use that data for new purposes without asking for consent.
- Minimalisation: Organisations must collect the minimum necessary data for their purposes. So you can’t ask for a phone number if you’ve already stated you’ll be using the information for email marketing.
- Storage limitation: Data can only be kept for as long as is necessary for the activity stated when the information was collected.
- Confidentiality: Organisations are responsible for securing data safely and effectively, and must report data breaches in a timely manner.
- Accountability: Organisations must have someone specifically responsible for compliance and data protection.
So what does this mean for Australian businesses?
The short version is it’s still too early to tell. And many experts agree that the law is vague enough that we won’t know its full scope until we see it enforced.
But if you market directly into the EU, or if you have a business that sells internationally, there are very real implications that you need to be across right now.
And in my next video I’ll discuss the questions you need to be asking and some specific actions you can take.
Thanks for watching.
If you have any questions, just leave them in the comments.