GDPR Compliance – Coming to an International Business Near You
Has your inbox been flooded with emails from online retailers, service providers and all those newsletters you’ve subscribed to? Organizations all over the world are preparing for new personal privacy laws that went into effect last Friday.
As a note, this is a European law, not one that is currently in place in the U.S.
However, as it has now become the European standard for digital security, businesses that work internationally likely already have or are working towards compliance to be able to serve their international customers.
What is GDPR? That’s the big question.
Now that we’ve reached the rollout date, people are becoming ever-more curious to see how it will affect businesses, both abroad and in the States. In fact, GDPR has exceeded Beyoncé in terms of Google searches. Yes, you heard that right.
Many businesses are just now getting ready for these updated compliance requirements for personal data protection.
You may have received emails from brands or people you’ve subscribed to confirm you still want to be subscribed after GDPR rules go into effect. These are the proactive brands and businesses, but not everyone is there yet. At this time, only 65% of companies that are required to be compliant by the enforcement date will be ready by that time, leaving around 1 in 3 in the “not ready” bucket, according to Channel Partners. Additionally, 22% of organizations are unaware that they must comply with GDPR laws, as they’re based outside of the EU but hold data for EU citizens, according to Tech Republic.
That still doesn’t explain what GDPR actually is.
True. Here is a basic explanation. GDPR is a set of laws designed to give the people more access and control over their personal data. This means – companies and businesses don’t own your data. You, as a customer, own that content. This means businesses must offer users a reasonable level of data protection – specifically regarding personal information including names, addresses, photos, banking information, social media posts, medical information, demographic data, etc.
Businesses must focus on becoming GDPR compliant. Here is a good starting point:
- Consumers must “opt-in” again to all of your messaging. This consent is a key piece to the GDPR compliance laws. It’s why you’ve been receiving additional emails from your favorite e-newsletters asking if you’d like to continue receiving them.
- A privacy notice must be present for consumers during any data collection.
- Collection of data is limited to only what is relevant to your business.
- Create a Data Protection Plan in the event that you experience a Data Breach. How will you protect your consumers? It is worth keeping in mind that you only have 72 hours to notify customers if you experience a data breach.
- Fines for a data breach do cap out, but the cap is set at a fairly sizeable mark, and for major players the amount could be substantial.
- For “Lower Level” infringements, the maximum fine would equal $10M or 2% of global revenue, whichever is higher.
- For “Upper Level” infringements, that maximum increases to $20M or 4% of global revenue from the previous year, again whichever is higher.
Sounds like a lot of work… is there a silver lining?
Not really. This is a law for the people. And that’s okay.
Most businesses that work internationally in Europe will need to adhere to these compliance laws, so you likely won’t be gaining much of a competitive advantage there. However, the rest of the world will be monitoring how these GDPR laws affect consumers and businesses alike, so those companies and organizations that are compliant now should have a leg up if a similar law is proposed in the U.S. With that said, many businesses may touch European data without intending to, so it is very important to know what your business may need to do, and why, to be compliant.
Not sure where to start? Press the Easy Button.
Microsoft has been making investments into preparing for these compliance changes, which means you can lean on them as your GDPR preparation easy button. Two Assessments provided by Microsoft allow you to assess your current data security state and where you stand in terms of international compliance with GDPR.
The Data Discovery Toolkit uses Microsoft information and applications to discover GDPR data, label it, and help give you an easy-to-read report on how much data your business needs managed.
The second is a GDPR Data Assessment. One of our trained engineers would work through 165 questions regarding your current data security situation. These questions will help give you a sense of where you are in terms of compliance. It really helps you understand where you currently stand and what areas you need to focus on to set up remediation plans to work towards compliance.
Whether you serve clients or customers internationally or not, now is the time to start thinking more seriously about how GDPR could potentially affect your business going forward. Reach out to ITP for assistance with either of these GDPR assessments and preparations. We can help.
We will also be sharing additional thoughts on specific pieces of GDPR over the next month, so stay tuned for that blog series and white paper.
Additional Content from the CEO
If you’d like to read more of my industry thoughts, check out my recent articles:
- Digital Security Breaches: Facebook’s Present, Your Data’s Future – A deep dive into the Facebook Cambridge Analytica scandal.
- Blockchain – What Even Is It? – A look at the rise of the tech behind Bitcoin.
- Disney in Hot Water after Tracking App Activity – Another look at data security at the Enterprise level.