With less than 6 months to go, the clock is ticking – it is now imperative that those working in international trade prepare for the impact of the EU’s General Data Protection Regulation (GDPR) that will become the law across the EU on 25th May 2018. This will apply to all companies that offer goods and services to EU residents, and is likely to be one of the main talking points for global commerce over the coming year.
Despite Brexit, GDPR will affect the UK, and all businesses in the EU or trading with the EU must tell consumers that they are storing data, who will see it and what they are going to use it for.
As a result of GDPR, individuals will have ‘the right to be forgotten’, so they have the right to instruct a company to delete their personal details from their systems. They can also request access to any of their personal information which is being held, within a specified notice period.
Most companies deal with data, so GDPR will affect pretty much every company whatever its size, including all exporters to the EU and online and mail-order retailers, who must adapt their data protection to steer clear of huge fines for non-compliance. These fines can be up to 4% of your annual global turnover. If a data breach does occur, there is a 72-hour window in which to notify the authorities.
Companies will have to be alert to people who are deliberately looking to catch companies out in order to seek compensation. The threat of people taking advantage and the fines for non-compliance are depressing; however, the customer’s newfound power shouldn’t be viewed pessimistically, but instead seen as an opportunity to improve.
GDPR also comes at a time when the global mood towards data protection is definitely one of suspicion. Not only is there scepticism as to what firms collecting data intend to do with it, there are further fears that they are incapable of keeping such precious details safe.
Last year, for example, the global credit firm Equifax suffered a serious data breach, exposing the personal data of more than 140 million consumers to compromise.
It is therefore vital for those working in exporting to comply with GDPR. Follow our guide to get a competitive advantage over less prepared competitors.
How is personal data used by international trade?
You will likely hold personal data if you:
Ship to individuals
Employ EU citizens
Use digital marketing
Take immediate action
The accountability that comes with GDPR means that data protection compliance will be far more process driven than ever before.
Follow our concise checklist to get ahead of the changes before they become law:
Gain an overview of all your personal data to protect it and avoid leaks – understand where all information you process is stored
Do you need to employ a data protection officer? You can employ an internal or external officer
Implement a procedure to identify, investigate and get to grips with data breaches
Make sure there are strict procedures in place for access rights to personal information
Review current processes for obtaining consent for gaining personal information and whether that consent is approved under GDPR
Make sure that you have strong web access protection
Store information in the cloud – this is often the most secure way of keeping data safe
Privacy-by-design – if your company takes payments online you will have to request card details and an address amongst other personal information. GDPR will enforce the need for supplying clear information about where the data goes and who will see it.
Every company in this value chain needs to have processes that offer rigid protection. The end user needs to be able to confidently give their consent to you collecting their data, knowing that they are handing over their personal data to a company that can and will protect it. Consent can also be withdrawn at any time, which means reconsidering auto-renewal and subscription payment processes.
The trust of consumers and business partners is forged by the responsible handling of personal data, so by implementing measures to conform to GDPR, you can cement your exporting business in a networked Europe. Whether other nations and trading blocs outside of the EU will adopt similar measures remains to be seen, but there is talk of such measures being in the pipeline, especially as non-EU firms will still have to comply with the regulations.
The amount of work needed to be done to get ready for May 2018 and the months beyond can seem to be overwhelming, but trade professionals who are prepared and have communicated with their suppliers now will be in a superior position to manage any disruption.