For the past month or so, you’ve probably been getting emails in your inbox from all the cloud services you use letting you know that they’ve updated their privacy policies. You’ve probably also noticed that all the websites you commonly visit are displaying large, unavoidable notices about the fact that they collect cookies.
All this change is due to IT compliance in response to GDPR, the new Internet privacy standards for European Union citizens, and these new standards may or may not affect how you do business here in the States. Today’s article looks into what the standards are, how they affect U.S. companies, and what they mean for your organization.
The General Data Protection Regulation (GDPR) affects every business or entity that collects, stores, or uses personal data on any member of the European Union. If your company sells to, partners with, or employs even a single EU citizen or dual citizen, then GDPR applies to you.
In essence, this wide-ranging IT compliance regulation protects the privacy of European Union citizens by empowering the people to take control of their personal data and determine what should be done with it.
The regulations seek to establish a standardized guideline that states:
· A clear definition for personal data
· How personal data should be legally collected, managed, and stored
· What constitutes data misuse and exploitation
· Who is ultimately responsible for data
The penalties for breaking these laws are strict. The maximum fine of 20 million euros or 4% of worldwide turnover (whichever is greater) applies if a company directly infringes the data rights of individuals, transfers data without authorization, or ignores legitimate access requests for personal data. A lower fine of 10 million euros or 2% of worldwide turnover applies if a company mishandles data by failing to appoint a data protection officer, neglecting to report a data breach, or committing one of many other lesser infractions.
GDPR came into effect starting on May 25, 2018.
Remember that this is a law for the EU, not the US. Therefore, if you have no customers, employees, or business partners from the European Union (and don’t plan to ever establish those connections), the GDPR does not directly impact your business. But that doesn’t mean you should ignore it.
It can be tempting to ignore the GDPR if it doesn’t affect you currently, but business leaders here in the US will want to make themselves available for business opportunities with EU citizens, and they’ll also see the GDPR for what it is: the first step in what will surely be a long path toward global data regulation.
After all, comprehensive data regulation is sorely needed right now. Hacking is now a constant threat to businesses of all sizes, with new data breaches occurring almost daily. Five years ago, Target made national headlines for months because their systems were hacked. This year alone, records from Delta, Sears, Under Armour, Panera, Saks Fifth Avenue, and Chili’s have all been compromised (along with many, many other companies), but cyberattacks are so common that they’re barely even newsworthy.
Clearly, we need a change.
Unfortunately, the GDPR is not quite the change we need or want — it’s a massive, complex tangle of odd, outdated legislation and bureaucratic compromise — but change is coming, and savvy business leaders understand that preparing now for the changes to come will give them a leg up on the competition when the US comes up with its own set of online privacy regulations and IT compliance practices.
Planning for better data security is a smart move, since it protects your company, lowers your risk of experiencing a damaging data breach, and provides a competitive differentiator that your partners and customers will appreciate.
If you’re ready to start, you’ll want to begin planning and implementing your data security strategy by taking one small, manageable step: get a baseline of your current data protection performance. This sounds difficult to do, but it’s actually quite easy once you know who to ask for help.
If you’re an SMB in the Seattle area, all you have to do is contact Interplay to schedule your free network vulnerability assessment today.