If you've been online in the past few months and especially in the past few days, you've no doubt stumbled across the acronym GDPR. Perhaps there were news titles about it, maybe some ads, definitely some emails letting you know a company or another is working on becoming GDPR-compliant.
But what is GDPR exactly, and why should you care about it, especially if you're not in Europe?
GDPR stands for the General Data Protection Regulation and is a European Union law on data protection and privacy for all people in the EU, replacing the 1995 Data Protection Directive. It was adopted in April 2016 and becomes enforceable on May 25 2018 — next Friday, that is.
The GDPR primarily aims to give people more control over their personal data. It also addresses the export of personal data outside of the EU, with the aim of simplifying the regulatory environment for international businesses.
The truth is, 1995 seems more like a century ago in terms of Internet usage and online activity, so a new law focusing on people's rights online was bound to happen. GDPR's purpose is truly a noble one.
In order to be compliant, companies — no matter their size or field of activity (so L&D, and in fact any company that trains people, is no exception) — will have to:
All this can turn into a costly hassle for companies in the short term, but according to the Dutch Prince, it will all be worth it in the long run, because GDPR-compliant companies will be more trustworthy in the eyes of everyone who uses the internet, especially to do business.
Well, because the world — and especially the business world — is more global every day. Just think about all the companies that have teams scattered across the globe and implement training programs for all employees. GDPR has direct implications for numerous businesses worldwide, as the EU is a great trading partner with countries on all other continents.
If your business offers goods or services to anyone living in the European Union, GDPR will apply to you.
If your business has a website that assists your selling process and that website can be accessed by an EU citizen, GDPR will apply to you.
If you have mailing lists for company newsletters and other marketing promotions and at least one of your prospects lives in the EU, GDPR will apply to you.
GDPR may be a European regulation, but it definitely reinforces the idea of the long arm of the law, defying geographical and political borders.
If you're an American company and have to be GDPR-compliant by the end of next week, you should check out this post answering a few US-specific questions about it. And seek further counseling and advice from an authorized law source.
Even though it's a challenge to become GDPR-compliant, here are a few steps to follow:
Again, the above steps should not be interpreted as legal advice. If you have to become GDPR-compliant, please consult with the relevant authorities and tailor the steps to your unique situation.
The countdown is on!