The General Data Protection Regulation (GDPR) is a global data protection law passed by the European Union to return ownership of personal data to individuals. Contractors with business ties outside of the United States must be careful to protect any customer or client information from being accessed by the wrong entities; otherwise, they could find themselves on the wrong side of the GDPR.
Whether you’re contracted to travel overseas to participate in a project in London or you’re working out of a city like Tampa, the GDPR could affect your business. In this two-part series, our Tampa construction attorneys from Cotney Construction Law will detail a checklist containing everything you should know about GDPR and how to better prepare your business for any potential future run-ins with this groundbreaking law.
Arguably the most important step in maintaining GDPR compliance is achieving transparent customer consent. According to the law, companies must receive full consent before they can process or store customer data. In other words, don’t just take; ask first. Unfortunately, it’s not quite that simple. There are guidelines explaining how a company can appropriately request consent, including:
- A request for consent must be straightforward and devoid of confusing language.
- It must clearly detail how customer data will be used.
- It must explain how long the data will be used and stored.
- It must be updated according to the latest plans for data usage.
- A new request for consent should be furnished every time the data policy is changed or altered.
If a customer doesn’t provide clear consent, such as by ignoring the request, this can no longer be interpreted as a positive affirmation of consent. Additionally, the customer may withdraw consent at any time, which means companies must respond to these requests as soon as possible.
Employ a DPO
A data protection officer, or DPO, is a professional who can help you maintain GDPR compliance. In Europe, public authorities and companies that employ more than ten or fifteen employees are required to appoint a DPO. This person is responsible for monitoring all data-related concerns for your company and processing special categories of data on a large scale. In the United States, a DPO could work in conjunction with a Tampa construction lawyer to help you avoid any issues involving data privacy.
To see the other items on our GDPR checklist, read part two.
Disclaimer: The information contained in this article is for general educational information only. This information does not constitute legal advice, is not intended to constitute legal advice, nor should it be relied upon as legal advice for your specific factual pattern or situation.