GDPR is coming, here’s what you need to know to survive

Have you heard of GDPR? For media projects and companies, GDPR is set to be one of the defining issues of 2018, but it’s gone almost completely unreported.

It stands for General Data Protection Regulation, and it’s a powerful collection of rules and regulations drawn up by the European Union to guarantee the cyber and data rights of its citizens.

The quantity and types of information defined by GDPR are vast, but for most media companies, IP and email addresses, cookies, geo-location tags, name and date of birth information, payment info and photographs will be where GDPR is most observable and important.

The lack of information about what GDPR is and how it will affect media companies is perhaps unsurprising as it was passed as legislation in 2016, and only comes into effect on May 28 this year. Put simply, it’s been forgotten about, and there is also a considerable degree of confusion as to who is affected by GDPR, and how they will be affected.

If in doubt check GDPR out

GDPR will directly affect any media company that has EU visitors, i.e. even if only one person from EU enters a particular media website, the company must be compliant with GDPR requirements.

Taking into account that European visitors (specifically EU citizens) are more than likely to view the majority of media company websites, there is no doubt that every company (including non-EU based) should assess all possible implications of GDPR.

Given how many companies will be affected, it is highly recommend to begin the implementation process as soon as possible so that your project is ready by May 28. Not only will this prevent any legal problems, it could also increase the attractiveness of your project to investors as GDPR compliance will become a highly desirable asset.

First of all, you absolutely should perform a complex risk assessment of all internal processes and systems to ensure you have identified gap areas and risk zones. When it comes to GDPR compliance, it’s really important not to have any blind spots.

This kind of assessment should be conducted either by technical specialists that have expertise with GDPR implementation, or lawyers that fully understand the GDPR implementation process.

While the process of implementing GDPR is likely to be difficult and time-consuming, there is good news.

Even regulation has silver linings

GDPR won’t limit your company’s financial performance as it only prescribes the measures that should be taken to ensure compliance. It neither restricts any kind of procedures, nor prohibits any sort of activities, meaning your company will continue to process the data as usual. The only financial cost is assessment and implementation.

Also, GDPR won’t affect your content, as long as it doesn’t relate to the publication of personal data. There might be specific cases where GDPR will apply, but this should only entail additional security measures for the personal data in question, and wont limit your ability to publish.

It’s also highly unlikely you will need to change your existing business model. There may be some specific cases, where the processes essential for business activity can’t be amended and consequently would need to be eliminated, but these will be rare.

For these reasons, it is absolutely recommended to ensure that your project becomes fully GDPR compliant. While some commentators have reported that is is technically possible to do without compliance, the consequences of doing so may, in fact, be severe.

Companies liable under GDPR will be subject to random, spot inspections by EU officials, and if your project is found to not be in compliance, you could be fined up to 20 million Euros or 4% of your annual global revenue.

For most media companies, this could spell disaster or even bankruptcy, so compliance with GDPR should be of paramount importance.

Don’t let GDPR scare you

Overall, the mantra you should be repeated yourself regarding GDPR should be that old example of British stoicism; ‘Keep calm and carry on.’

While GDPR will certainly cause a considerable number of changes they should not affect the content, finances and ethos of your project. Also, if you implement the required changes quickly, in the long run, you stand to benefit.

If in doubt, check the facts out. You can find out more about GDPR by reading IO Technologies’ list of frequently asked GDPR questions, and you can also check out the full list of GDPR regulations here.