Can the GDPR Affect The Caribbean Business?
The General Data Protection Regulation (GDPR) is a European privacy regulation aimed at controlling how businesses collect, store and use their customers' data. This regulation affects all businesses offering products and services to EU citizens, no matter where the business is located. In other words, never mind that we are in the Caribbean and are now exploring our online and e-commerce spaces: we are going to be affected. The new regulation will take effect from May 25th, 2018.
What is it?
The regulation requires that every business working with personal data such as a customer's name, bank details, email address, photo, medical information, location details, and other personal information must have a data protection officer. This officer is responsible for making sure that the business complies with all the GDPR regulations. Sometimes we in the Caribbean think that we can get away with it; however, the Internet has made our presence much as if we were simply next door to each other. It may therefore be prudent to start working towards collecting just the necessary info.
Businesses will be limited to collecting only the important information from their customers. GDPR will not allow any business to collect information that is of no use for providing or delivering the service or product to the customers.
If a business holds information about a customer that is of no use, the business should delete that information before May 2018. Every business is expected to document what it does with the data it collects from its customers. Before collecting any information from customers, a business should inform the customer why the information is needed and how the business will use it.
If you are running a business, you are also expected to put security measures in place to protect all personal data given to you by your customers from a breach. If for any reason a breach occurs, your business should go the extra mile to notify the individuals and the relevant authorities.
Businesses should train their employees on how to comply with all the GDPR regulations. This includes informing them of all the regulations, how to comply with them and the risks of not complying with them.
If you are a Caribbean business and have already set up customer data protection protocols, they should be checked to see whether they comply with the requirements of the GDPR. It can't hurt to be just a bit more secure.
Running your business will also get tougher, since the new rights give individuals, customers and clients the right to have their own data deleted. Guess what!!! Some people will take advantage of this and will likely place claims to have their information deleted even when they still have pending transactions. This means the customer can and will evade some duties and responsibilities. The business is therefore expected to put some measures in place to avoid such circumstances.
Some individuals may not be willing to freely give their information to your business. The business will not be able to learn more about the individuals it deals with, as it will be limited to collecting only the information that is of use, and the use of that information must be documented.
It seems as if there is another hurdle for our businesses to overcome.