In May 2018, the EU implemented a new law that changes the way businesses collect, store and use personal customer data. The General Data Protection Regulation (GDPR) is an overhaul of the 1998 Data Protection Act (DPA), which was brought in when the internet was still in its infancy. The GDPR reflects the ways in which the internet is used nowadays.
Businesses that do not comply with GDPR face fines of up to 4% of their annual turnover. The main difference between GDPR and the previous DPA is that customers now have much more control over how their data is used and whether it is collected in the first place.
Companies need to gain consent from consumers before gathering their data, and are subject to strict rules about how it is used – e.g. justifying why they need the data, showing how they will protect it, and upholding customers’ rights to access their data and object to its use.
GDPR is all about helping businesses keep their customers’ data safe in a digital world where more private information than ever before is shared and cybercrime is a constant threat.