New data protection laws come into force on 25 May 2018. Your company must comply fully or you can be fined up to €20 million or 4% of your company’s global annual turnover.
Forget going under the radar: the Delegado de Protección de Datos will visit your company to enforce the legislation. If your business doesn’t fully adhere to the rules, it will result in a hefty financial penalty.
The new General Data Protection Regulation (GDPR) is designed to ensure stricter standards for securing and protecting personal data and to remove obstacles to cross-border trading throughout the EU. Both historical and future data on EU citizens will be affected. The only way to avoid it is to exclude all data on EU citizens, which isn’t an option if your company is in Spain and your customers are EU citizens.
Adherence to the current Data Protection Act is a good start, but you must also implement additional measures. It is your responsibility as a company owner to know your legal obligations and to ensure full compliance or face a fine of up to €20 million or 4% of your company’s global annual turnover.
How it affects your company
GDPR covers all aspects of data collection and protection and so it will affect your website, landing pages and email marketing. All GDPR measures must be implemented before 25 May 2018. These include:
- User opt-in – all forms must have the correct tick boxes (pre-ticked is unacceptable)
- Third-party tracking – you are responsible for using GDPR-compliant third parties
- Database – must be brought up to GDPR standards
- Online payment – all details must be removed after a reasonable period
- Security on your website
- Emails can only be sent to people who have opted-in
- Cookie Notice, Privacy Policy and Terms and Conditions must be relevant to your product and approved by your legal advisers.
- And much more.
What you need to do
- Firstly, get legal advice.
- Check if you are already signed up for GDPR (LOPD – Spanish data protection). If not, do so immediately, as a member of your staff must take the course and start implementing the necessary procedures before 25th May.
How Redline can help you
Redline can help you implement the required changes on your website etc., but remember it is your responsibility as a company to make sure all procedures are in place.
Please note that this information is for guidance only and we strongly recommend that you get legal advice immediately to ensure that your business is fully compliant.
Further useful information:
Agencia Española de Protección de Datos
LOPD to RGPD: Countdown for Adapting to a Tougher System
European Commission – Questions and Answers General Data Protection Regulation