Time’s almost up.
Where Wild West anarchy once reigned over personal data and privacy on the internet, there will soon be a new sheriff in town. The General Data Protection Regulation (GDPR), possibly the biggest shakeup of data protection in the internet age, comes into force on May 25th. That means any company found violating the regulation from then on runs the risk of incurring a major fine, set at up to 20 million euros or four percent of the company’s annual global revenue, whichever is higher.
But in the era of GDPR, with more and more people aware of the harmful misuse of personal data on the internet, money is not the only thing that’s at stake for offending companies. It’s also your reputation you’re risking. Nobody wants to do business with a company that procures and treats personal data illegitimately.
If you haven’t adjusted your operations to comply with GDPR rules yet, now is your last chance. The only thing that can save you from millions in potential fines is adapting as quickly as you can.
Niteco’s founder Pelle Niklasson says, “Review and redraft your current privacy notices; be transparent about how you seek, obtain, and record consent; and how you accurately identify and classify child customers.” In addition, Pelle points out that it’s critical to also make sure you know how you, as a company, will manage data breaches internally and with the affected customer, within the specified deadlines.
The most important thing for you to do is make sure you get consent from your EU-based customers to use their data. Simply hiding clauses in your Terms and Conditions or your Privacy Policy will no longer do. You need a clear opt-in clause that states exactly why you collect the user’s data, what you plan to do with it, and whether you might share it with third parties. Peter Yeung, Episerver’s Global Data Protection Officer and General Counsel, says, “A subject’s consent has to be a clear, unambiguous, affirmative consent to processing.” Oh, and by the way, withdrawing consent must be just as easy as giving it.
The ramifications of GDPR’s entry into force are many. “It’s easy to think that the GDPR is a legal issue, but it’s not,” warns Pelle. “The stipulations in this law and their weighty implications mean businesses have no choice but to adopt new ways of working and institute a watertight culture of safeguarding personal data.”
Don’t mistake the GDPR for a toothless piece of paper, either. After the recent revelations about Facebook’s handling of its users’ personal data, the EU, which has already shown its willingness to impose harsh penalties on firms that violate data protection regulations, will double down on privacy protection on the internet. The ramifications of the GDPR are so far-reaching that experts are recommending a Data Protection Officer be appointed at companies with 250 or more employees.
Although the legal obligation is on the company to ensure compliance, working with a software development partner that explicitly appreciates the implications of the law on your business is critical. After all, their insight and problem-solving capabilities could save you millions. Linus Ekstrom, Chief Technology Officer at Niteco, explains, “As software development experts who help major companies manage and sometimes migrate data, we can bring our technical know-how to good effect. Our partners Episerver and Sitecore are also able to support global firms in preparing their systems for the impending reality of data management after May 25th.”
Learn more about how Niteco can help your company become GDPR Ready by getting in touch with us today.