GDPR stands for General Data Protection Regulation. It means if you collect it, you must protect it. You’ll need permission and a reason to collect and hold personal data. How long are you going to hold my personal data and why? There may be government regulations that stipulate you need to hold an invoice for 10 years or more, and in some cases it will be less. People have rights as well. As a matter of fact, they have seven of them, and if they request something, you need to provide it in a timely manner. You may need to appoint a data protection officer (DPO), a role which also has its own rules and regulations. There may be some industry-specific rules and laws you need to follow, so check to see if there are any. For example, doctors have different rules than florists.
There are a number of key issues you’ll need to keep in mind when working with the GDPR. One of the biggest is consent. What it basically boils down to is that you need a person’s consent in order to collect their data. They have a few other rights as well, such as the right to be forgotten, the right to be informed and rights of access.
Other key areas you’ll need to look at include email marketing: do you have permission to hold the person’s email address and send them marketing material? Should data be encrypted? If so, how and to what level?
What do they mean by personal data? You need to understand what makes up personal data, how to collect it and how to handle it. What do they mean by privacy by design, and how will that impact adding new applications? Have you conducted a privacy impact assessment? What about how you process the data you collected, and the records for data processing? What about third countries? If you send data to a country outside of the EU, can you guarantee the same level of protection for personal data as inside the EU?
There are lots of things to look at and understand, many of them legal. We’ll try to make most of it understandable, or as much as we can. If you need help, ask us and we can arrange a meeting to discuss your needs.