Is GDPR coming to your side of the world? Very likely.
21st May 2018

Europe's landmark General Data Protection Regulation (GDPR) is setting new standards for consumer protection compliance. It requires businesses to protect the personal data and privacy of EU citizens, and it imposes harsh penalties for non-compliance.

Companies all over the world doing business with the EU are scrambling to become GDPR compliant by informing customers and soliciting their agreement on the information stored about them. They are also beefing up security and internal procedures to prevent inadvertent or malicious leaks of customer data.

Ensuring privacy and security for our customer databases is nothing new. What is new is the stringent penalties that can be imposed and the heightened monitoring. The wide-ranging powers given to EU authorities to determine and prosecute breaches have many worried. It is also not clear how the EU would impose penalties on companies operating outside the EU but dealing with EU clientele.

Currently it affects only those doing business with the EU, which is already significant, but it is more than likely that other parts of the world will also adopt such strict guidelines, especially Asia and particularly India, from where a lot of spam and junk originates. It might be known by other acronyms and programmes, but the requirements will be similar.

Companies all over the world can preempt this by taking the effort to become compliant even if they are not doing business in the EU. After all, 'a stitch in time saves nine'.

What steps do you need to become GDPR compliant?

  • Taking consent for storing personal details that contribute to identity: name, contact number, email, etc. Parental consent for storing information about children below 16 years is compulsory.
  • Setting up a consent / opt-in mechanism on all web forms that collect personal information, with a clear way for customers to request removal from the database.
  • Assessing and strengthening security measures for databases containing personal information.
  • Assessing all APIs that might be accessing your database and ensuring that only authorised and necessary ones are allowed access.
  • Having a mechanism to notify the customers whose data is in the database of any security breach, with a clear way for them to either remove or reset the information they provided.

So it's a good idea to evaluate our own customer databases and see if we can become more compliant, so that when the GDPR or its equivalent inevitably comes to our region, we are ready.
