The Basics of GDPR

MAY 30TH, 2018
On May 25, a new European privacy regulation called the General Data Protection Regulation (GDPR) came into effect. This will change the way businesses are allowed to collect, store, and leverage customer data. If you have not heard of this new legislation, it’s imperative to inform yourself on its specifics and alter your customer relations management strategy immediately.

What are the specifics of GDPR?

The way businesses handle customer data is oftentimes a little sketchy. So, it makes sense that the EU would introduce an overarching regulation to specify exactly what a company can and can’t do with client information. Customers now have the legal right to access their data, be forgotten from your system entirely, be informed when you’re gathering their data, have information corrected, restrict processing, and be notified if a data breach occurs.

Will GDPR affect my U.S.-operated business?

The regulation states that if you own a business outside of the EU, GDPR must be followed when it comes to handling data from clients who reside in an EU country. However, this only applies to customers you’ve targeted with marketing, not generic ads. Altering your tactics towards targeted marketing or ensuring you maintain that data in a separate spot is essential to complying with the new laws.

What changes must I make?

As you may have guessed, the new legislation will bring about big changes for businesses of all sizes. These changes include:
  • All companies that collect personal data are now required to hire or appoint a data protection officer to oversee GDPR compliance.
  • Complying also means purging any current non-essential or stock-piled customer data your company maintains. At some point, your business may have collected data like a client’s age or past addresses but never found a practical use for them. This is the perfect time to get rid of all this chunky data that takes up space and goes against the new code.
  • Properly securing your clients’ data against breaches and cyber-attacks since the new legislation takes a firm stance on data protection. Also, ensure you’re quick to inform users whose data has been compromised during a breach.
  • Recreating marketing pieces that have assumed consent of data collection from customers in the past. For example, do not use automatically checked consent boxes.
  • Finding a method to efficiently and quickly deleting customer data completely if a client opts out of a mailing list. Make sure this information is actually deleted from all platforms.

How seriously will non-compliance be taken?

Avoiding the new legislation should not be an option for your business. The consequences are tough. Expect fines of 4% of your annual global revenue or up to 20 million Euros. Although it may seem like GDPR only affects IT departments, its outcomes will be felt throughout your entire business. Your marketing and sales departments will feel it especially. Expect email and web promotion to become a lot tougher. For more information on how to comply with the regulations, read our Guide to GDPR Compliance.


At StorageCraft, we’ve always focused on maintaining an honest relationship with our customers. Please read our compliance statement to learn more about how we will be changing policies and acting according to GDPR codes. Remember, we’re the data recovery pro! If you have any questions regarding how we can help you protect your customer information with our online data recovery and storage solutions, contact us today.