Think GDPR doesn’t apply to your company? You’d better look again…
On May 25, 2018 the General Data Protection Regulation (GDPR) takes effect and could have a significant impact on how you collect, store, use and disseminate personal customer data. While GDPR is a European regulation developed to protect European Union (EU) citizens’ privacy, companies around the globe must be aware of and comply with its rules.
Through GDPR, the EU is essentially setting a new global standard for data and privacy. Since personal information can easily be transmitted well beyond the borders of the EU, the GDPR provides protection to EU citizens no matter where their data travels. This means that any company (even a non-EU based business) that stores personal data on an EU citizen is bound by its rules. And organizations of all sizes are affected – from small businesses to large multinationals.
Not only is GDPR designed to ensure the proper handling of personal information, it also requires companies to provide individuals greater access to the data that is being collected. The regulation outlines a host of ways consumers must be able to access, monitor, control and delete (when requested) this sensitive personal data.
What does GDPR consider personal data?
This regulation applies to a broad range of personal data, including name, email address, mailing address, phone number, credit card number, ID numbers, location information and digital fingerprints such as IP address, web search history and cookies.
What happens if I don’t comply?
The EU is serious about protecting the personal privacy of its citizens, and non-compliance with GDPR can be severe, resulting in significant fines and penalties. Penalties can range from the simple issuance of written warnings to fines of 20 million euros (approximately $24 million) or 4% of the company’s global revenue (whichever is larger) — fines that could be crippling to a business that breaches its policies.
All companies should learn more about GDPR and evaluate their exposure by reviewing the personal information they collect and store electronically on EU nationals. Furthermore, due to recent high-profile data breaches and misuse of personal data (think Cambridge Analytica), U.S. privacy regulations are likely to become more stringent as well. So reviewing and adopting GDPR requirements will improve your company’s overall awareness and protection of personal data, regardless of whether your company conducts business with EU companies or nationals.
For more information about GDPR, view Clark Schaefer Consulting’s on-demand webinar: