Are you ready for GDPR?
Written by: MessageMedia on 16 April 2018
At Bulletin we take your data privacy and security very seriously. In May 2018, the General Data Protection Regulation (GDPR) introduces some of the biggest changes to data protection laws in decades, and only 54% of businesses are expected to meet that deadline. We are here to offer insight into how we are preparing for GDPR, and what this means for you and your business.
What is GDPR?
According to the New Zealand Privacy Commissioner, if you have a business in Europe, target EU customers, enable payments in European currencies and mention European clients and customers on your website, then your company will have to comply with higher privacy standards even if your operations are outside of Europe.
What are the GDPR changes?
Data privacy and security regulations are tightening. Some of the key changes include:
- If you are based in, or affiliated with, Europe, your business must comply with the new laws, regardless of your business's size or annual revenue.
- If a customer asks you to delete their data, you must comply. This is their new right to be forgotten.
- Every business requires data to be produced in a machine-readable format.
- The fines for infringements are huge! If you breach the new laws from 25 May 2018 onwards, it could cost your business up to €20 million or 4% of your annual worldwide turnover (whichever is higher).
See https://www.privacy.org.nz/assets/Uploads/EU-General-Data-Protection-Regulation-General-Information-Document.pdf and https://www.privacy.org.nz/assets/Uploads/EUMR-The-principles-of-the-GDPR-09-2017.pdf for informative guides to the GDPR changes and how they apply to businesses in the Australian and New Zealand markets.
Why is GDPR being introduced?
GDPR aims to entrench the six general principles of data privacy, greatly improving data protection and privacy rights:
- Lawfulness, fairness, and transparency of data processing
- Purpose limitation: personal data should be collected for specific, explicit and legitimate purposes
- Data minimisation: only personal data relevant to the specific purpose should be saved and processed
- Accuracy of data: any inaccurate personal data should be corrected or deleted. Where necessary, data must be kept up to date.
- Retention of data: data must be kept in an identifiable format and no longer than necessary
- Integrity and confidentiality: data must be kept secure
What are we doing?
Having conducted extensive research, Bulletin and MessageMedia (our parent company) have reviewed our systems in respect of the GDPR, which becomes enforceable on May 25, 2018. The privacy rights of all individuals, not just those of the EU, are of paramount importance to the whole of the MessageMedia Group and we will be prepared for this important date.
We are finalising the implementation of system changes that reflect the data security and privacy principles entrenched by the GDPR, including the right to be forgotten. This work also includes ensuring that any partners who may be affected by GDPR are also compliant, so that the integrity of your data is protected throughout its delivery to its final destination. Our customer terms will be updated to reflect the changes required by the GDPR.
What can you do?
Familiarise yourself with the policy. We in turn will continue to keep you informed on the specifics of our progress, but GDPR is complex, so be sure to speak to your technology partners to make sure they are compliant and that they will support you throughout your GDPR compliance process.
If you require a business messaging partner who is ready for the change, get in touch today.