Does your organization handle customer data? If yes, then unless you exclusively cater to a non-European audience, you are affected by GDPR. If you are unsure, GDPR may still impact you.
What is GDPR?
GDPR, or General Data Protection Regulation, requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within the EU.
It is the result of four years of work by the EU Parliament, prompted by the inadequacy of older data protection rules. The Safe Harbor Privacy Principles of 2000 and the Privacy Shield agreement of July 2016 had privacy components in them and outlined respective responsibilities. But they were not laws.
Organizations can no longer self-certify without regulatory oversight. GDPR requires the data controller (i.e. your organization) to have a Data Protection Officer (DPO) role. It also requires your organization, as the data controller, to provide notification of cybersecurity and data breaches within a set time.
Unlike its predecessors, GDPR recognizes the importance of privacy in the current era. It was created with the idea that “identity is the new currency in our world”, especially given the likelihood of a future cashless society (cryptocurrency anyone?).
GDPR has three primary objectives:
- Give people more control over how their personal data is used.
- Provide tighter controls and tougher enforcement to improve trust in the digital economy.
- Give organizations a clear legal environment to operate in that is identical across the EU.
When is the compliance deadline?
This regulation was adopted by the EU Parliament on April 15, 2016. Any organization affected by this regulation has about 2 years to comply, making the deadline May 25, 2018.
What are the impacts of noncompliance?
Failure to comply with GDPR could have a significant impact on your finances. Should a data breach or any other form of noncompliance occur, a fine will be issued at the discretion of your business’s governing body. The amount of the fine depends on a number of factors, such as your company’s history, level of cooperation, data types, and more. Based on these criteria, the fine could be:
- 2% of annual revenue (not net profit, but all global revenues) or 10 million euros, whichever is higher, or
- 4% of annual revenue or 20 million euros (that’s almost 25 million dollars), whichever is higher
Noncompliance can have non-financial impacts as well. Should a breach occur, consider the effect it would have on your reputation. According to a recent survey, 29% of existing customers would discontinue their relationship with a company following a data breach. With privacy breaches occurring every single day, it is crucial to be proactive by having a crisis management plan prepared.
How can you get compliant?
Check back here soon for an upcoming blog post detailing GDPR compliance preparation from Trellist consultants Primus Poppiti (Digital Strategy) and Victoria Silow (Branding and Marketing Leadership).
For more information, please contact us at enterprisetechnology@trellist.com.