Demanding Privacy! European GDPR Takes on the World
By now, you may have heard people bandying the term “GDPR” around, and you probably know it has something to do with privacy laws in Europe. What you may not know, is how drastically it could affect your bottom line, even if your business lies outside of Europe.
In fact, recent surveys show that many companies aren’t doing enough to prepare for the regulation, especially in non-EU regions. That’s a little troubling, given that fines for non-compliance can reach €10,000,000 or 2% of worldwide gross revenue, whichever is higher!
But before we get into the numbers, a little background on the law is in order.
First off, the regulation aims to protect consumers’ rights to privacy and to guard against identity theft. (It’s a good thing!)
The GDPR (or General Data Protection Regulation) sets out a number of tough mandates on how companies must:
- Identify, store, and secure personal data in their systems
- Accommodate requirements for data transparency
- Detect and report personal data breaches
- Train personnel on privacy concerns and procedures, and so on.
What’s more, the law not only affects European companies, but any company that holds personal information on residents of the EU.
Given the complexity of the law and the super hefty price tag for non-compliance, you might think that companies are rushing to prepare for the May 25, 2018 deadline, when the law goes into effect.
Well, back to those stats…
- According to a 2017 survey on GDPR readiness by AIIM, 53% of executives have only little or some knowledge of what the laws means, or the implications of non-compliance.
- Yet, a full 66% of these same companies know they hold data on EU residents, so they will in fact be liable to the law. (An additional 13% aren’t sure if they hold such data, so that number could be as high as 79%!)
Digging into some other surveys reveals a geographically asymmetric response to the law. While companies in the UK (40%) and EU (28%) are starting to prepare, only 5% of US companies and 7% of Asian countries are gearing up for the change.
So that’s the bad news. The good news is that there is still time to prepare!
The first step is to inform yourself about what the law is and how it affects you. We’ve put together a whitepaper that gives an overview of the subject and the types of things you need to do to prepare (download here). We also gave a webinar on the GDPR a few months back, so be sure to check it out if you missed it.
Next, your organization should appoint a Data Protection Officer (DPO), who will be responsible for ensuring compliance. This can be either someone within your organization, or someone on the outside, such as a lawyer who can provide legal advice.
Although there is much to do to prepare, the important thing to keep in mind is that this law is a step in the right direction. The GDPR provides an opportunity for us to focus on safeguarding our customers’ privacy a little better. And that’s a good thing.
Because at the end of the day, we are all also customers of somebody else’s company. And the GDPR is meant to ensure that those companies will also be protecting our personal data with a little more care.
Graphics credit: Elements from Freepik used in design.Back