Part 1: What Every CEO Needs to Know About the GDPR

Part 1 of our GDPR series discusses the 5 things every CEO should consider as we reach the GDPR enforcement date.

The clock is ticking for the General Data Protection Regulation (GDPR) to go into full effect. With the end, or the beginning, depending on how you see it, drawing near, we wanted to share the top 5 things all American CEOs should know about the GDPR.

  1. The GDPR goes into full effect on May 25, 2018.

That’s right, you have less than 2 months before the strongest data privacy/protection law ever created goes into effect.

  2. Fines for non-compliance can be up to 4% of worldwide annual revenue.

Now, granted, this is the max fine for non-compliance with the GDPR, but 4% is no laughing matter. So what infringements might garner the max fines?

  • The basic principles for processing, including conditions for consent under Articles 5, 6, 7, and 9
  • The data subjects’ rights under Articles 12-22
  • The transfer of personal data to a recipient in a third country or an international organization under Articles 44-49
  • Any obligations pursuant to Member State law adopted under Chapter IX
  • Any non-compliance with an order by a supervisory authority (83.6)

  3. The potential fines are large, but the blow to your company’s reputation could be the biggest risk.

Under the GDPR, a company has 72 hours to disclose to the regulator, as well as the data subject, any data breaches that affected their data, as well as which data was affected. With news agencies and social media looking on, the first few companies unfortunate enough to have a data breach are going to need to do some major PR work.

  4. One of the biggest changes will need to come from within.

The GDPR aims to make companies liable for the risk associated with holding personal data. Currently, most companies have a mentality of "the more data we have, the better." They hoard data and treat it like it belongs to them. But, under the GDPR, data belongs to the subject, not the company.

  5. Last, but certainly not least, is Fraudulent Data Requests.

This one has the potential to be the downfall of a lot of companies. Under the GDPR, data subjects have the right to request their own data from an organization. With this in mind, experts predict a wave of fraudulent data requests from impostors in the early months of the GDPR rollout.

No matter where in the world your company might be located, these 5 things could keep your company on the right side of the GDPR.