The EU General Data Protection Regulation (GDPR), which replaces the Data Protection Directive 95/46/EC goes into effect on May 25, 2018. The regulation is designed to synchronize Europe’s data privacy laws and reshape the way that organizations handle the protection of data.
The GDPR affects all organizations within the European Union as well as those doing business with the EU. Any company that collects personal information from EU citizens must follow the laws of the GDPR, regardless of their geographic location. This can have a profound effect on companies collecting market research from EU citizens.
Many of our clients have members or do business with the European Union. While the GDPR will surely affect Vault, the level of scrutiny on us will be far less than that experienced by our clients and companies with over 250 employees.
The GDPR requires that anyone collecting personal information on EU citizens must be able to prove that they have taken all necessary precautions to protect personal data in a “reasonable” way. The information protected by the regulation includes everything from the citizen’s name, email address, and phone number, to their computer IP address and cookie data. Bank details and medical information are also protected under the regulation.
Any information that can be used either directly or indirectly to identify a person must be protected. The actual way that this data is protected is open to interpretation. Organizations that use personal data for research purposes may be able to avoid restrictions if they implement certain safeguards. However, it’s crucial that organizations collecting sensitive data follow the GDPR’s rules and guidelines regarding portability, deletion, and explicit consent.
Any breach must be reported according to GDPR protocol. Failure to comply will result in hefty fines, which are determined based on the level of infringement.
The GDPR also requires organizations that meet specific requirements to appoint a Data Protection Officer (DPO). At this time, Vault Consulting does fall under the requirements for a DPO.
Organizations collecting data from EU citizens must be extremely careful. It’s crucial that these organizations take every possible precaution to protect personal data. Vault Consulting can help you better understand how the GDPR will affect your research efforts. Please contact us for more information.