In May of this year, the new General Data Protection Regulation (GDPR) came into effect across the whole of the European Union (EU). The aim of GDPR is to protect people’s privacy and in particular their personal data that is held digitally by companies and other organisations around the world. The implications of GDPR are wide-ranging and here we examine some of the ways it can affect businesses who import and export goods.
A GDPR Overview
GDPR defines personal data as all information relating to a person and this includes; their name, photo’s, contact details such as an email address, medical records, and bank details. The way that the directive has been laid out means that, now, businesses are legally obliged to inform individuals if they are holding any of their personal details and gain permission to use the information.
The rights that the regulations give individuals include; the right to access the data, the right to be forgotten and the right to restrict processing. Any business that has been established in the EU or even from outside of the EU and that offers goods and/or services to citizens in the EU, is subject to GDPR and must comply or face stiff penalties.
What this Means for Businesses Who Import or Export Goods
Companies who import and export goods from within the EU or to the EU will be affected by the regulations and in the first instance may want to seek advice for legal experts such as DWF to find out what measures need to be implemented.
Depending on the size and nature of the business, it may also be the case that it needs to employ a data protection officer to oversee the continued compliance. This will include making sure customers and clients have agreed to the use of their personal data. Doing so is particularly important where importers and exporters, including e-commerce operations, are involved in marketing activities such as emailing customers and sending out newsletters. Marketing activities such as these can only be performed with the consent of each person that they are aimed at – assumption or disclaimers are not valid even if they contain an opt-out clause.
GDPR covers the activities of both B2C and B2B businesses and so, for example, should members of a sales teams meet contacts at a conference or exhibition, they can no longer take a business card and add the details to an emailing list unless the GDPR rules are applied in the process.
The GDPR legislation is active now and so if your business hasn’t already complied, it is time to act.