GDPR is Here!
Don’t say we didn’t warn you, but the European Union’s General Data Protection Regulation (GDPR) is finally here! This Friday, May 25, GDPR will go into full effect, launching a number of strict rules when it comes to data privacy. So if your business is based in the United States or elsewhere outside of the European Union (EU), you’re in the clear, right? Wrong. Even if your organization resides outside of the EU, it is subject to the new rules if it holds or uses data collected from people inside the EU.
Our team at N2K has informed you of the high cost of non-compliance and some of the more challenging requirements that GDPR poses for those who will have to adhere to the new regulation. With GDPR right around the corner, here are a few additional insights to help you weather the privacy regulation storm.
- Who, What, Where, and When – The fast-track way to find out if GDPR will impact you or your business is to take a look at GDPR’s own FAQ guide which explains what industries will be affected, what constitutes personal data, and the penalties for non-compliance.
- Severity – Don’t think that the fines imposed on those who are noncompliant are small. Some businesses are temporarily shutting down sections of their operations network because they cannot comply with the new rules. While there will undoubtedly be those who try to bend and break the rules, the fines imposed for non-compliance can be crippling to a business. These fines can reach up to €20 million ($22.6 million), or 4% of the worldwide annual revenue of the prior financial year, whichever is higher. Long story short, make compliance a priority.
- Understand GDPR – At the end of the day, navigating GDPR means one thing: paying attention to data privacy and security. Businesses must understand the type of data they collect, the frequency at which it is collected, how long the data is stored, and for what reason it was collected in the first place. GDPR also has breach notification requirements embedded into the law. Find a general summary of GDPR here.
- Value of Compliance – Whether or not GDPR applies to your business, this is a significant trend to monitor. With the increased regularity of cybersecurity breaches and theft of personally identifiable information (PII), the push for better data protection has not been constrained to the EU. Use the GDPR standards as a way to stay ahead of regulations that might be headed your way and as a mechanism to boost consumer confidence that you value data security in what seems to be a data insecure world.
What is important to note about GDPR and other legislation surrounding data protection is that it is here to stay. In the United States, each state has its own breach notification laws and the demand for customer privacy in the digital domain is at an all-time high. Take the time to understand how your organization is accountable for the privacy of its customers and consumers and stay ahead of current and future laws that impact how you handle data.
N2K offers deep-dive training courses and provides training to board directors and executives on different areas of cyber risk. If you’d like to request on-site training or just need some direction around managing cyber risk, contact us at firstname.lastname@example.org.