If your company has access to data from customers within the European Union (EU), it is important to understand what the General Data Protection Regulation (GDPR) will mean for you. The GDPR’s new data protection standards take effect on May 25, 2018. They affect not only companies based in EU countries but also U.S.-based businesses that have access to data on their EU consumers. Since violating the new GDPR standards could result in serious fines for a company, we’ve put together a few key points to make sure you are ready for the changes coming up on May 25th.
- Do not assume you will not be affected just because you don’t have offices in the EU. All companies that have access to data from EU consumers need to be aware of the changes. If, for example, your company manufactures and sells products via a website that is accessible in Europe and provides the option to pay in Euros or British Pounds, this affects you, too.
- The regulations apply not only to data you collect moving forward, but retroactively as well. If your company has not already taken steps to examine and assess where all of your data is stored, it is important to begin now. Your organization will need to make sure it has the ability to do the following with this data, according to the new regulation’s standards:
  - erase a consumer’s entire data profile at their request;
  - provide information to the consumer about exactly what data you are processing, where you are storing it, and the purpose this data collection serves;
  - provide the consumer with a copy of the personal data you’ve collected about them at their request.
The consumer also has the right to question and fight all decisions that may impact them if the decisions were made on a purely algorithmic basis.
- Failing to meet the requirements of the GDPR could result in a fine of up to $23 million or 4% of your company’s annual worldwide turnover. Fines this hefty could put some companies out of business. There are cyber insurance policies available, but whether or not to invest in this type of service will depend on every company’s individual needs.
The standards put in place by the GDPR are quite different from the more liberal U.S. approach to consumer data collection. If your company may be impacted by these changes, it is imperative that you begin preparing now for May 25. Should you need help providing consumers with the information described in the bullet points above in specific languages, now’s the best time to get the ball rolling and plan for 2018. We’re here to help!