The GDPR is a timely revision of the 1995 data protection act which considering the level of internet at that point ( geocities anyone? ) is laughably outdated ( although – ahem – a small store called amazon launched in 95. ) So for everyone who has an existing digital product such as a website, an app, in fact any digital asset that collects any kind of data from its users, will need to make changes to their data collecting ways.
For your customers its a postive move, the poor souls who are tired of having their data hoovered up the second they press enter can now wield the power of the GDPR to take back control. Any one living in the EU ( yes we’re still in the EU ) who submits any data knowingly or otherwise can have the power to claim it back, have it erased, limit its transfer to other services and essentially feel like the boss of themselves.
Moving swiftly to the point, you have to now explicitly make clear this process of data collection (however small) how they use it and most importantly build in the ability to delete it.
You must also ensure that every signup and act of relinquishing data has been explicitly approved by your customer and not only that but show a proof of approval ( a screen shot or code snapshot of the sign up approval page no less ) and store that in a retrievable manner…. for ever….gulp.
Also any business with over 250 employees, that relies on consistent data collection in their day to day running, will also have to appoint a data protection office aka DPO, to make sure they comply, on a day to day basis. No small undertaking, however as pointed out this is largely for larger entities and won’t apply to SME where collecting data is a nice sideline of practical know thy customers.
May 25th 2018 is launch date, compliance will need to be well established prior to this and yes a liability of 4% of annual earnings is applicable for any non compliant clients out there riding rough shod over the law of the land. We are in process of creating compliance auditing for all of our clients to ensure everyone is up to date and will be in touch to complete this process.