GDPR might look like a random combination of letters, but it’s important data protection legislation that will impact the day-to-day administrative and management tasks you carry out in your court. Although this law is laid down by the government of the European Union — and not the government here in the United States — you will still need to understand what it means if you deal with clients in Europe, or if people from Europe visit your website. Failure to do so could result in expensive penalties and jeopardize the reputation of your court. Here’s how GDPR regulation affects local courts.
What is GDPR, Anyway?
GDPR stands for General Data Protection Regulation, a regulation that stipulates how businesses, governments, and courts handle personally identifiable data in the European Union (EU) and European Economic Area (EEA). In short, GDPR is all about privacy — and how companies and organizations handle sensitive data.
“The right to privacy is part of the 1950 European Convention on Human Rights, which states, ‘Everyone has the right to respect for his private and family life, his home and his correspondence,’” says GDPR.eu. “From this basis, the EU has sought to ensure the protection of this right through legislation.”
Although the EU passed this law, it has ramifications for anyone who collects data from people in the EEA (all the countries in the EU, plus Iceland, Liechtenstein, and Norway). GDPR took effect on May 25, 2018, and imposes strict penalties, which can sometimes exceed tens of millions of dollars, on organizations that violate its privacy standards.
How Does This Impact Your Court Business?
In a globalized world, many American courts at the local level now handle data from outside of the country. Currently, the US is the largest partner for exports of goods in the European Union, and there are close ties between the US and many European countries, including the United Kingdom, France, Germany, and Italy.
Think about all the times you’ve spoken to someone from Europe in an email or over the phone. Now think about all the data you collected from this person. Someone from the UK might have filed court papers after purchasing a property in the US, for example. Someone from Italy might have filed for divorce after marrying an American citizen.
Now that GDPR has come into force, you need to think carefully about how you collect, handle, manage, and store data from people in the European Economic Area. This data might include the following:
- Phone numbers
- Email addresses
- Next-of-kin information
- Financial information
However, it doesn’t stop there. You will also need to rethink your data collection policies if someone from the EEA visits your website — whether that’s to download a court document or just find out more about your services. In these instances, you will also need to think about GDPR because you will be collecting — sometimes, unknowingly — important data about these visitors, such as email addresses and IP address information.
These regulations impact all organizations in the US that collect data from people residing in the European Economic Area, whether that’s for commercial or non-commercial purposes.
“Governments tend to hold onto data, but under GDPR, in most circumstances, they won’t be able to do that,” GDPR consultant Sheila FitzPatrick told Government Technology. “Federal, state and local governments are not exempt under GDPR.”
Exemptions from GDPR apply in only a few circumstances. For example, local governments and courts don’t need to adhere to this regulation when collecting and processing data for the prevention, detection, and prosecution of criminal offenses, preventing threats to public safety, or the execution of criminal penalties.
How to Improve GDPR Compliance
Now that you know how important GDPR is, you need to take action. Here are some tips for better GDPR compliance in your court.
Find Out What Personal Data You Currently Process
You can no longer get away with processing personal data without thinking about the consequences. Under GDPR, you should ascertain what personal data you currently process, and find out how much of it belongs to people who reside in the EEA.
Decide What Personal Data You Want to Process in the Future
Going forward, you might decide that you are currently processing too much data from people in the EEA and want to scale down. Decide what personal data you want to process in the future, whether that’s phone numbers, email addresses, financial information, and so on.
Tell People Why You Want Their Data
Tell People What You Plan to Do With Their Data
GDPR also stipulates that you must tell people what you plan to do with their data — and who you plan to share it with. Although you don’t need to share the names of the companies and organizations you share data with, you will need to provide a rough outline of your data-sharing objectives (sharing contact information with credit reference bureaus to reduce fraud, for example).
Appoint a Data Representative in the European Union
GDPR (Article 27) states that you will need to appoint a data representative in the European Union if you collect data from people there. You might also want to appoint a data protection officer to handle your data collection affairs, especially if you manage a lot of information from people in the EEA.
Improve Your Data Collection Security Methods
You will need to have a proper data collection security protocol if you collect information from people in the EEA. This might involve encrypting super-sensitive data, setting up password protection for sensitive files, making your website more secure, or investing in the latest technology to improve security. You should also know what to do in the event of a data breach in order to improve local government GDPR compliance.
GDPR in the US might sound complicated, but it’s really not. However, you will need to comply with this regulation if your court collects data from people in the EEA, or risk harsh penalties. Follow the steps above for better GDPR compliance.
If you have any questions about GDPR compliance, the team at FivePoint Payments would love to answer them and to help with the technology needed to collect and secure this sensitive information. Don’t hesitate to reach out.