Effective since May 25th, the new data protection law, the GDPR, strengthens consumer rights. But whom does it affect, what are its effects, and how does one comply with the new regulation?
The GDPR was already approved in April 2016 by the EU Parliament after an extended period of preparation. It replaces the Data Protection Directive 95/46/EC and includes heavy fines for those who do not comply with the new data protection standards.
The new regulation protects the data privacy of all EU citizens and strengthens consumers' rights. Key changes range from the GDPR's extended territorial scope to the obligation to appoint a Data Protection Officer. It affects companies all over the world that process the data of EU citizens.
To comply with the new regulation, companies have to publish a privacy statement on their website, preferably as a separate and clearly visible menu option, true to the motto “Privacy by Design”.
Companies must pay particular attention to publications such as newsletters. From now on, the operator has to expressly request the consumer's consent. Tacit consent is no longer sufficient: the consumer has to agree actively to the data processing, for example by clicking a checkbox on the website. Pre-checked boxes are not valid. Furthermore, there must be an option to withdraw consent at any time and without difficulty; this can be achieved with an opt-out link in each newsletter. Moreover, the operator has to record the consent. The easiest way is a double opt-in, so that the consumer has to confirm the subscription. Since the GDPR also applies to subscriptions that were made prior to the effective date, consent for those must be collected again.
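The consent mechanics described above (active opt-in, a recorded consent trail, double opt-in confirmation, easy withdrawal, and re-collection of consent for pre-existing subscriptions) as an added Python example; this is not code from the original article, and the `ConsentLedger` class and its HMAC-based confirmation token are assumptions of the example. Sending the confirmation e-mail is out of scope; the token is simply returned to the caller.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone


class ConsentLedger:
    """Append-only record of newsletter consent events (hypothetical helper).

    A subscription is active only after double opt-in: the holder of the
    address confirms with a token that was sent to that address.
    """

    def __init__(self, secret: bytes):
        self._secret = secret   # server-side key so tokens cannot be forged
        self.events = []        # (email, action, timestamp, nonce); never edited

    @staticmethod
    def _stamp() -> str:
        return datetime.now(timezone.utc).isoformat()

    def _mac(self, email: str, nonce: str) -> str:
        msg = f"{email}:{nonce}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def import_legacy(self, email: str) -> None:
        # Pre-GDPR subscriber: kept on record, but NOT active until consent is re-collected.
        self.events.append((email, "legacy", self._stamp(), None))

    def request(self, email: str) -> str:
        # Call only when the user actively ticked a box that was unchecked by default.
        nonce = secrets.token_hex(8)
        self.events.append((email, "requested", self._stamp(), nonce))
        return f"{nonce}:{self._mac(email, nonce)}"

    def confirm(self, email: str, token: str) -> bool:
        nonce, _, mac = token.partition(":")
        if not hmac.compare_digest(mac, self._mac(email, nonce)):
            return False   # forged or mangled token
        seen = {(a, n) for e, a, _, n in self.events if e == email}
        if ("requested", nonce) not in seen or ("confirmed", nonce) in seen:
            return False   # no pending request on record, or token already used
        self.events.append((email, "confirmed", self._stamp(), nonce))
        return True

    def withdraw(self, email: str) -> None:
        # The opt-out link in each newsletter lands here; withdrawal is always accepted.
        self.events.append((email, "withdrawn", self._stamp(), None))

    def is_active(self, email: str) -> bool:
        actions = [a for e, a, _, _ in self.events if e == email]
        return bool(actions) and actions[-1] == "confirmed"
```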
The fine for not complying with the GDPR is legally determined: up to 20 million euros or 4% of worldwide turnover, whichever is higher.