Regardless of what business you’re in—B2B or B2C, corporate or non-profit, large or small—by now, you’ve likely heard about the EU’s new data regulation—the General Data Protection Regulation (commonly referred to as GDPR).
Although the regulation is designed around protecting EU citizens online, its reach is not limited to EU-based businesses only, as there are many businesses in the U.S. and other countries that control, process or store online data from EU citizens, especially if they sell their product or service internationally.
With the regulation going into full effect on May 25, 2018, it’s important to know what the regulation is, how to become compliant, and what the consequences could be if you’re not compliant by the deadline.
What Is GDPR?
First and foremost, it’s important to know what the official regulation is in order to know how it will affect your business.
Generally speaking, the GDPR can be defined as a new EU regulation coming into play that’s designed to improve the protection and distribution of personal data that’s collected online of EU citizens.
It was created to increase organizations’ responsibility to manage this data in transparent and secure ways, setting a new standard for consumers’ data rights. With the regulation in place, people who visit GDPR-compliant websites will now be able to view, access, store, remove and manage any data collected by those businesses online.
Will GDPR Affect My Business?
The short answer is yes. As stated in a Forbes article by Yaki Faitelson, “Any U.S. company that has a Web presence… and markets their products over the Web will have some homework to do.”
To summarize, if you are a business that collects personal data or any behavioral information from someone in an EU country, your business is now responsible for being compliant. The GDPR protects all EU citizens, no matter where those individuals do business or where the company is physically located. So even if your business is physically located in the United States but you sell to citizens in Europe in any capacity, you’ll be required to comply with GDPR.
What Are the Consequences of Not Becoming Compliant?
Unfortunately for non-compliant businesses, there is a great risk for receiving some substantial fines. According to an article on GDPR: Report, fines will be calculated based on several factors, including:
The amount of people affected and how badly they suffered by the infringement
Whether the infringement was intentional or a result of negligence
Whether the data collector took any steps to fix the damage
Technical and organizational measures that had been implemented by the data collector
Previous amount of infringements by the data collector
The degree of cooperation with the regulator
The types of personal data collected
The method in which the regulator found out about the infringement
The GDPR: Report article further explains potential fine amounts as follows: “If it is determined that non-compliance was related to technical measures such as impact assessments, breach notifications and certifications, then the fine may be up to an amount that is the greater of €10 million or 2% of global annual turnover (revenue) from the prior year. In the case of non-compliance with key provisions of the GDPR, regulators have the authority to levy a fine in an amount that is up to the greater of €20 million or 4% of global annual turnover in the prior year.”
Your Next Steps
Because GDPR compliance is so important to many businesses around the world, it’s crucial to know how to manage it before being issued a fee.
One good way to ensure your business is compliant is to go through this 12-step checklist provided by the UK’s Information Commissioner’s Office (ICO) and ensure you’re operating according to the recommended guidelines. It provides helpful information about how you seek and manage consent, what rights individuals have under the regulation, subject access requests, data breaches and much more.
Or, if you’re feeling overwhelmed with information from the entire GDPR process and are still unsure of what to do next, please feel free to reach out to our team to discuss how we can assist you with working toward your compliance. We’re here to help.