GDPR, which stands for the General Data Protection Regulation, came into effect on May 25th 2018, and affects businesses across the UK and the world. Companies that store and process the personal data of any EU citizen must now become GDPR compliant or face a fine of 4% of their annual turnover or €20 million—whichever is higher.
Companies are now scrambling with questions on what these data protection laws entail and how to become GDPR compliant, but luckily for you, we’ve got the answers.
Our GDPR toolkit goes into total depth on how your business can become GDPR compliant. In the meantime, this blog post will give you a brief idea of how GDPR relates to your B2B company, to give you some guidance and calm among all this GDPR chaos.
So, here goes…
What is GDPR?
GDPR seeks to govern all personal data protection rights of individuals in the EU. These laws impact businesses across the globe who store and process the data of EU citizens, and virtually all industries, including recruitment, legal, B2B and so on, are affected.
Into The Nitty-Gritty…
Our GDPR series covers much of this in greater depth, but we’ll recap a little here.
In order to become GDPR compliant, your business must have a legal basis for storing and processing any personal data. Under GDPR, companies are treated as individuals, which means that the ‘personal data’ of any companies you hold records on, as well as of any individuals, must be handled in a GDPR-compliant way.
- Personal data is defined by the European Commission as “any information relating to an individual, whether it relates to his or her private, public or professional life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
You can choose one lawful basis from the following six:
- Consent—the individual has given clear consent for you to process their personal data.
- Contract—the processing is necessary for a contract you have with the individual, or because they’ve asked you to take specific steps before entering into a contract.
- Legal Obligation—the processing is necessary for you to comply with the law (not including contractual obligations).
- Vital Interests—the processing is necessary to protect someone’s life.
- Public Task—the processing is necessary for you to perform a task in the public interest, and the task has a clear basis in law.
- Legitimate Interests—the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.