New EU regulation is hitting soon – make sure your freelance business is prepared for GDPR!
The General Data Protection Regulation (GDPR) of the EU is one of the most important, if not the most important, changes in privacy regulation in the last 20 years. If you’re a freelancer who’s located in Europe or works with European-based companies or customers, you’ll have to know what it is.
In this article, we’ll cover the most important basics about GDPR – what it is, who and what is affected, what might be changing for small business owners and how you can prepare.
What is GDPR?
GDPR is a regulation aimed at two things. Firstly, it is an attempt to make rules about data protection similar across the whole of Europe – that makes the process simpler from a legal standpoint. Secondly, GDPR is supposed to give people more control over their personal and sensitive data. Personal data is what can be used to identify a person – like IP addresses, locations or email addresses. Sensitive personal data are things like political or sexual preferences, religious beliefs and so on. Under this new regulation, people will be able to ask companies and organizations whether they hold such data about them and, if so, which pieces – the organizations will then be compelled to provide this information without charge.
The regulation was approved in 2016 and is being enforced on May 25 of 2018. If you are found to be non-compliant at that point, you might be facing fines. For larger companies these will be as much as 20 million euros; while those obviously won’t apply to your freelance business, you’ll want to be as secure as can be before the regulation drops.
Who is affected by the new regulations?
Essentially, every company which handles personal or sensitive data of EU citizens is affected by the new rules under GDPR. You don’t have to be EU-based to be affected. The larger a business is, the more its day-to-day operations will be affected. Large businesses will have to appoint a Data Protection Officer. This is a person who has to make sure companies are properly and securely keeping track of their data. This can be someone who works at the company or an external worker. (If you’re in need of a GDPR consultant, please check the GDPR experts at freelancermap.)
Smaller companies and businesses, like freelancers, will also have to change some things up in order to comply with the new EU regulations. You might think you’re not working with data, but you probably are. Do you have a mailing list, a list of addresses, phone numbers or social media profiles? If you answered yes to any of those, you are affected by GDPR, even as a small business.
How can you prepare for the change and be compliant as a freelancer?
The GDPR is, as we said in the beginning, possibly the biggest data regulation to come out in Europe in the last twenty years. As such, it contains a lot of details, and we can’t cover all of them. In summary, the regulations require more transparency regarding data and its proper safekeeping. Additionally, business owners have to treat their customers’ privacy rights with more care than before. But what does that mean, in practice? Here are the four most important aspects:
Most important aspects towards GDPR compliance
Keep a perfect record for all data you obtain
Keeping a record of every piece of data you collect is a sound thing to do, law or not. But with the GDPR coming into effect, you will be fined if someone asks for information and you’re not able to provide it because of bad record keeping. Not keeping good records of your data could lead to a fine of 2% of your annual turnover.
Make sure that data is secured
We all know we should encrypt data, especially details that are not our own, but rather those of our customers. Some of us might not always do it, because let’s face it – it’s not always easy and can take significant amounts of time. Under this new law, you will be obliged to secure customer data, so start learning how to do it right now.
Make sure you’re not collecting data without a reason
A part of the GDPR regulations specifically states that there has to be a purpose attached to the data collected. You’ll have to ask yourself if there is a reason for collecting all the data you are. If the answer is “no” for any piece of data, start transitioning into not collecting it right now.
Let users really choose whether they consent to data collection
Agreeing to gather data is often on an opt-out basis today. Boxes requesting you to consent to data collection are pre-ticked, for example. This should change with GDPR. Users now have to opt in to data collection, explicitly agreeing with it. Additionally, data which was gathered in a way not meeting these new standards before May 25 cannot be used unless users opt in, either.
You can read up on the GDPR regulation on its official website:
If you are unsure whether or not you should change anything in order to comply with new regulations, we recommend you seek legal advice.