GDPR Goes Into Effect This Week, Here’s What You Need to Know
Meghan Markle and Prince Harry’s transatlantic union isn’t the only thing linking the U.S. with the EU these days. If you’re still toasting all things royal wedding, you might want to put down your Earl Grey tea and get ready for the next European wave about to hit U.S. shores: GDPR.
GDPR, or the General Data Protection Regulation, is the latest buzzword to bubble up within our global economy’s collective consciousness. Although it was adopted two years ago and has been in the works since then, it goes into effect this Friday, so you may see businesses scrambling to make sure they’re compliant with the new law. So what does this ominous acronym mean?
GDPR is a new EU regulation governing personal data. It replaces the 1995 Data Protection Directive (95/46/EC), which set minimum standards for data protection that each EU country then wrote into its own national law. Because GDPR is a regulation rather than a directive, it applies directly and uniformly in every member state. It aims to give individuals control over their personal data and to simplify the regulatory environment for international business in the EU.
Okay, so if this concerns companies based within the EU, then it won’t affect my business in the US, right? Well, it’s not that simple. The regulation applies to companies established in the EU, and it also applies to companies anywhere in the world that offer goods or services to people in the EU (paid or free) or monitor their behavior, especially those that process large amounts of consumer data as part of their service offering. Even allowing a person in the EU to request free information from you by providing an email address means you are processing that person’s personal data, which can bring your company within the GDPR. Unless you plan on blocking access to your website from all 28 EU member states, your data handling and privacy policies should comply with GDPR.
The GDPR officially goes into effect this week on Friday, May 25, 2018, and while it may impose changes for larger companies on a greater scale (especially tech giants), it’s also something for which small companies should prepare. Penalties for the most serious violations go up to €20,000,000 ($23,450,700) or 4% of worldwide annual turnover, whichever is higher. The EU is serious about having companies comply with this regulation!
If you’re a small company that regularly processes consumer data and has clients in the EU, here’s what you need to know about GDPR:
- Know Your Data - Take inventory of all the consumer data you currently hold and determine where it’s located across your systems: databases, CRM and email-marketing tools, spreadsheets, backups, and third-party processors. The GDPR requires companies to be accountable for all the personal data they hold (and to keep records of their processing activities), so knowing exactly where, what, and how much data is being stored is the first step toward compliance.
- Identify and Organize the Data - Knowing what types of data you have and where your company stores it isn’t enough. You must then classify and organize it. Personal data lives in specific fields of specific systems, and you must be able to find and retrieve every record about a given person from all of them, because individuals can ask for access to their data, for corrections, and for erasure. Some of this personal data includes names, email addresses, and social security numbers. The key here in regards to compliance is data quality and making sure you can quickly locate and retrieve the multiple layers of data that you store.
- Manage the Data and Update Your Privacy Policy - Once you’ve located and classified the data, you will need to decide how to manage it under the new GDPR rules: what you collect it for, what lawful basis you rely on, how long you keep it, and who you share it with. This also involves updating your public data privacy policy so it explains these points in plain language, and defining how the new privacy measures will be communicated across your company. Under the GDPR, internal data-handling policies are to be documented and distributed across the entire business, and access to personal data should be restricted to the staff who need it for their role.
- Protect the Data - There are three main techniques for protecting the data you hold: encryption, pseudonymization, and anonymization. Encryption and pseudonymization are explicitly named in the GDPR as appropriate safeguards, and data that has been pseudonymized (identifiers replaced with tokens that can only be reversed with a separately held key) is still personal data and still subject to the regulation. Data that has been truly anonymized, so that it can no longer be linked back to an individual, falls outside the GDPR altogether. Apply the proper technique based on whether you still need to identify the individual and on how the data is used.
- Audit the Data - The final step toward GDPR compliance involves auditing the data so you can show that your company follows the regulation. You must be able to demonstrate that you know what data you have and where it’s located; that you can manage the consent process with clients; how the acquired data is used, who is using it, and why; and finally, that you have a proper process in place to handle data breaches, including notifying the supervisory authority within 72 hours of becoming aware of a breach where required.
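The difference between pseudonymization and anonymization in the “Protect the Data” step is easier to see in code. The following is an added example written for this article, not code from the article’s source material or from Delaware Business Incorporators’ systems; the customer record, field names and key are constructed for the illustration. It pseudonymizes direct identifiers with a keyed HMAC so only the key holder can re-identify a record (for example, to answer an erasure request), anonymizes by dropping identifiers and coarsening the birth date, and shows why an unkeyed hash of an email address does not count as pseudonymization, since anyone with a list of likely addresses can reverse it.

```python
"""Added example: pseudonymization vs. anonymization of a customer record.

Illustrative code written for this article; not from the GDPR text or any
company's systems. The record, key and field names are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Constructed sample record; none of these values belong to a real person.
SAMPLE_RECORD = {
    "name": "Alice Example",
    "email": "alice@example.com",
    "ssn": "123-45-6789",
    "birth_date": "1984-03-12",
    "country": "DE",
    "order_total": 42.50,
}

# Fields that identify a person on their own (hypothetical classification).
DIRECT_IDENTIFIERS = ("name", "email", "ssn")


def _normalize(value: str) -> bytes:
    # Same person, same token, even if the email was typed with different case.
    return value.strip().lower().encode()


def pseudonymize(record: dict, key: bytes, fields=DIRECT_IDENTIFIERS) -> dict:
    """Replace direct identifiers with keyed HMAC-SHA256 tokens.

    Identical inputs give identical tokens, so records can still be joined and
    counted, but without `key` the tokens cannot be mapped back to a person.
    Keep the key separate from the data (secrets manager or HSM); that
    separation is what makes this pseudonymization under GDPR Art. 4(5).
    The result is still personal data and stays in scope of the regulation.
    """
    out = dict(record)
    for field in fields:
        out[field] = hmac.new(key, _normalize(str(record[field])), hashlib.sha256).hexdigest()
    return out


def matches_pseudonym(token: str, candidate: str, key: bytes) -> bool:
    """Re-identify a token, possible only for the key holder.

    Used e.g. to find the record behind an access or erasure request:
    recompute the token for the candidate value and compare in constant time.
    """
    expected = hmac.new(key, _normalize(candidate), hashlib.sha256).hexdigest()
    return hmac.compare_digest(token, expected)


def anonymize(record: dict) -> dict:
    """Irreversibly strip identifiers and generalize quasi-identifiers.

    Direct identifiers are dropped rather than hashed, and the birth date is
    coarsened to a decade so the remaining fields are less likely to single
    out one person. Data that genuinely cannot be linked back to an individual
    is outside the GDPR (Recital 26); whether this output qualifies still
    depends on what other data sets you hold alongside it.
    """
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    year = int(record["birth_date"][:4])
    out["birth_decade"] = f"{year - year % 10}s"
    del out["birth_date"]
    return out


def unkeyed_sha256(value: str) -> str:
    """The weak approach: a plain hash with no secret key."""
    return hashlib.sha256(_normalize(value)).hexdigest()


def recover_from_unkeyed_hash(token: str, candidates: Iterable[str]) -> Optional[str]:
    """Show why an unkeyed hash is not pseudonymization.

    Anyone holding a list of likely inputs (a customer list, a breach dump)
    hashes each one and compares, recovering the identity with no key at all.
    Returns the matching candidate, or None if none matches.
    """
    for candidate in candidates:
        if hmac.compare_digest(unkeyed_sha256(candidate), token):
            return candidate
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # generated per run; in real use, stored apart from the data
    pseudo = pseudonymize(SAMPLE_RECORD, key)
    print("pseudonymized:", pseudo)
    print("key holder can match Alice@Example.com:", matches_pseudonym(pseudo["email"], "Alice@Example.com", key))
    print("anonymized:", anonymize(SAMPLE_RECORD))
    guess_list = ["bob@example.com", "alice@example.com"]
    print("unkeyed hash recovered as:", recover_from_unkeyed_hash(unkeyed_sha256("alice@example.com"), guess_list))
```

Run it as a script to see all three transformations side by side. The practical lesson for the audit step is that pseudonymized records must still appear in your data inventory and still be retrievable for access and erasure requests, whereas only the anonymized output can be treated as out of scope, and only after you have checked that it cannot be re-linked using other data you hold.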
For an in-depth overview of how to become GDPR compliant, you can visit our source material here. Remember, GDPR goes into effect this Friday, May 25, 2018, so if you think you still need to update your data policies, make sure you get started.
For more information on Delaware Business Incorporators, Inc. updated Data and Privacy Policies, click here.