GDPR: It Affects You

Does your organization handle customer data? If yes, then unless you exclusively cater to a non-European audience, you're affected by GDPR. If you're unsure, GDPR may still impact you.

What is GDPR?

GDPR, or General Data Protection Regulation, requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within the EU.

It is the result of four years of work by the EU parliament, prompted by the inadequacy of older data protection rules. The Safe Harbor Privacy Principles of 2000 and the Privacy Shield agreement of July 2016 had privacy components and outlined respective responsibilities, but they were not laws.

Organizations can no longer self-certify without regulatory oversight. GDPR requires the data controller (i.e. your organization) to have a Data Protection Officer (DPO) role. It also requires your organization, as the data controller, to provide notification of cybersecurity and data breaches within a set time.

Unlike its predecessors, GDPR recognizes the importance of privacy in the current era. It was created with the idea that “identity is the new currency in our world,” especially given the likelihood of a future cashless society (cryptocurrency, anyone?).

GDPR has three primary objectives:

  • Give people more control over how their personal data is used.

  • Provide tighter controls and tougher enforcement to improve trust in the digital economy.

  • Give organizations a clear legal environment to operate in that is identical across the EU.

When is the compliance deadline?

This regulation was adopted by the EU parliament on April 15, 2016. Any organization affected by this regulation has about 2 years to comply, making the deadline May 25, 2018.

What are the impacts of noncompliance?

Failure to comply with GDPR could have a significant impact on your finances. Should a data breach or any other form of noncompliance occur, a fine will be issued at the discretion of your business’s governing body. The amount of the fine depends on a number of factors, such as your company’s history, level of cooperation, data types, and more. Based on these criteria, the fine could be:

  • 2% of annual revenue (all global revenues, not net profit) or 10 million euros, whichever is higher, or

  • 4% of annual revenue or 20 million euros (that’s almost 25 million dollars), whichever is higher

There are other non-financial impacts that noncompliance can have as well. Should a breach occur, consider the effects it would have on your reputation. According to a recent survey, 29% of existing customers would discontinue their relationship with a company following a data breach. With privacy breaches occurring every single day, it is crucial to be proactive by having a crisis management plan prepared.

How can you get compliant?

Check back here soon for an upcoming blog post detailing GDPR compliance preparation from Trellist consultants Primus Poppiti (Digital Strategy) and Victoria Silow (Branding and Marketing Leadership). 

For more information, please contact us at enterprisetechnology@trellist.com.

About the author

Nick Cohen

Chief Information Security and Compliance Officer
A technology consultant with postgraduate degrees from Harvard University and Boston College, Nick is responsible for the direction and execution of Trellist's IT needs and serves as the go-to for assessing and vetting IT trends and offerings for client engagements.

About the author

Supraja John

Web Development
A skilled web developer and team leader, Supraja is responsible for supporting and maintaining CMS platforms and email marketing programs for a number of national and global clients. Supraja is passionate about applying the latest trends in web development to improve the end customer’s experience. 
