
Making sense of the GDPR

What is the GDPR?

The General Data Protection Regulation (GDPR) is a set of European laws that govern how companies collect and use their users' data. These laws prevent data organisations from accidentally or intentionally misusing the data of their users (cue the Mark Zuckerberg case where millions of Facebook users in the US had their data stolen by the political consultancy firm Cambridge Analytica — awkward).

What is user data?

When we refer to ‘data’ we are referring to the personal information a user enters when they first sign up to a website. Facebook is a great example of this. During the sign-up process you are asked for your name, your email address, your date of birth, your gender and so on. This may seem like irrelevant information, but this data can be given to third-party services to help advertisers target users.

Who wants access to this data?

User data can get personal, real personal, especially when it involves your bank details, medical information or computer IP address. The worst part? Once data is leaked, there is no way to get it back. Now you are probably asking yourself, “who could benefit from such data?” Valuable user data can be sold on the dark web for a large price. Usually a “broker” will purchase this data and sell it on to a “carder”. The “carder” then uses the credentials to buy gift cards for stores like Amazon.com — essentially anything that cannot be traced. These gift cards are then used to purchase items such as electronics, which are resold on eBay or the dark web.

Who is affected by the GDPR?

We’ve heard it out of the mouths of various business owners: “the GDPR doesn’t affect me because I don’t work in Europe”. There’s something that these business owners should know, though. If you have an office, offer goods and services, or monitor the behaviour of individuals in the EU, you’ll need to update your privacy policy. It’s no surprise that the country most affected by the GDPR is the US. If you think about it, some of the world’s largest data organisations were founded in the US — Facebook, Google, Snapchat, Twitter and LinkedIn, just to name a few. With large corporations like these being affected, it’s safe to assume that similar laws could be introduced here in the near future. If you want your business to remain ahead of the curve, it’s important to be mindful of any GDPR-related issues.

Why should organisations comply?

Non-compliance with the GDPR can result in hefty fines for large corporations. The kind of fines that send these companies bankrupt. GDPR fines can go up to 20 million euros or 4% of your annual global turnover, whichever is higher. Small businesses are no exception and will receive the same fines for any type of data breach.

How do I protect my company from these fines?

The main thing to remember is that you need to allow an individual to make their own privacy decisions and consent to any data collection. As expressed in the Australian Privacy Act, the four key elements of consent are:

· “The individual is adequately informed before giving consent”
· “The individual gives consent voluntarily”
· “The consent is current and specific”
· “The individual has capacity to understand and communicate consent”

To read more about privacy and what to include in your privacy policy, we highly recommend this website: https://www.oaic.gov.au/resources/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation.pdf

So that’s the GDPR in a nutshell. It’s no law to be taken lightly, and a data breach is some real serious stuff. Make sure you update your privacy policy if you plan on doing business with the EU — but even if you don’t, your users deserve to know where their data can potentially end up.
