What is the GDPR?
The General Data Protection Regulation (GDPR) is designed to protect all European citizens’ data privacy and to reshape the way organizations approach data privacy globally. It was approved by the EU Parliament on April 14th, 2016 and will go into effect on May 25th, 2018.
GDPR replaces an outdated data protection directive put in place in 1995. This new set of regulations, however, applies not just to businesses within Europe but to transactions within Europe. This means the GDPR will apply to all companies that have a presence in the EU, process the data of European citizens, have more than 250 employees, or handle specific types of personal data. Essentially all companies will be touched by this in some way.
How will this affect you?
The GDPR takes a wider view of what constitutes personal data. Information like someone’s IP address will now be treated with the same criticality as their social security number. The GDPR will also regulate the export of data outside Europe.
Not only does GDPR affect where one’s data is stored, but also where it is not stored. This new set of regulations acknowledges the “right to be forgotten” as well. This means that if a consumer requests that their information be deleted, it is the company’s responsibility to make sure it is permanently deleted.
Another tightening of compliance standards is the shorter timeframe attached to many obligations. For example, companies are required to report breaches to authorities and affected parties within 72 hours of detecting them.
But for many companies, meeting this new, elevated standard of security could be quite an investment. A survey by PwC found that 68% of US companies expect to spend 1-10 million dollars preparing to meet GDPR requirements. Another 9% expect to spend upwards of 10 million.
Is it worth being compliant?
Many companies are wondering if it’s really worth being compliant with the GDPR. Why invest so much money just as a precaution, so to speak?
Let’s count the cost. A company might invest 10 million dollars in attaining and maintaining such a high standard of compliance. But if it neglects to take such precautions and is fined for breaking the regulations, it could be hit with penalties of up to 20 million euros (around 25 million USD) or 4% of its global turnover, whichever is higher. Any non-compliant company could be in for a shock come May 25th.
How can you prepare now?
A large number of fines are expected to be issued to non-compliant organizations in the initial stages, to set a warning example for other companies taking the risk. But whether a large fine ensues or not, no business wants its name associated with a low level of security. In fact, according to a report by Ovum, 85% of US companies see this as putting them at a competitive disadvantage.
But does it really have to be? The truth is, preparing for GDPR standards may be difficult, but it is hardly impossible. Looking past all the bustle surrounding GDPR news lately, the principles will really only serve to benefit your company and its consumers. The same Ovum study found that two-thirds of US companies believe this will require them to rethink their strategy. So what can organizations do to prepare for the regulations soon to come?
The GDPR will strongly affect how we process, store, and protect consumer data in every stage of a business process. The most important way to prepare for the adjustments is by building a sense of urgency in your team. And this starts at an executive level.
The digital economy we operate in requires that customers feel their data is safe where it is stored. Building a strong framework for security and risk assessment takes effort, but it will only prove to protect your business in the long run.
Need help making this process easier or want more information? Contact us today.