May 25, 2018 may seem far enough away, but if your business will need to be compliant with the EU General Data Protection Regulation (GDPR), you don’t have much time left to bring yourself in line with the law.
What is GDPR? GDPR, which was approved by the European Union on April 14, 2016, was established to replace the Data Protection Directive 95/46/EC and is intended to strengthen cybersecurity and data protection across Europe for both businesses and individuals alike.
So, what does that mean for businesses across the globe? Any business based outside of the EU that stores personal data on, monitors the behavior of, or offers goods or services to EU individuals must abide by these new regulations by May 25, 2018. This applies to any company or organization, no matter its size, that offers goods or services to anyone in the EU. In other words, any company that exchanges data with a counterpart in Europe is covered, regardless of where the company itself is located. Companies that fail to put the proper key changes in place will face penalties. However, companies are not necessarily bound by GDPR if they are not openly promoting doing business in the EU.
And these penalties aren’t to be taken lightly. According to GDPR’s website, an organization that chooses to be non-compliant can face fines of up to 4% of its annual global turnover or €20 million – whichever is higher. Of course, this applies to the most serious offenses. Fines are doled out in a tiered approach, with other offenders possibly paying less depending on the severity of the violation.
Learn more about GDPR, when the North American market will need to take action, and how to gain a competitive edge by becoming GDPR compliant. Watch our recorded webinar!
Now, you may be wondering what your next moves should be. Immediately, you need to evaluate how ready your business is. An internal audit of your network will give you a starting point for becoming compliant.
Overall, you, the business owner, need to take control and ensure that you’re positioning yourself properly. You may also entrust this task to your company’s CIO, CISO, IT admin or the like if you have one. Data must be tracked from the time it comes in to where it goes, where it’s stored, who can access it, and when and where it goes out again. The new law also states that you keep only the data you need in your database – any old and unnecessary data is to be disposed of. Unidentified or unneeded data in your system only adds clutter and could lead to a security flaw. Though most organizations already have some sort of security measures in place, a best practice is to make sure that what you have in place will work with these new regulations. If not, be sure to make the necessary updates.
With that being said, it has never been more important than now to fully vet your security suppliers. After all, if they are not compliant, then neither are you. This is where you might consider partnering with a Managed Security Service Provider (MSSP) like Twinstate Technologies, which not only understands these GDPR standards but also partners with vendors like Sophos who are well-versed on the subject – saving you time and confusion.
Though this may sound like an overwhelming task, consider the benefits of becoming compliant. Those who make these regulations a priority and are open about their compliance may, in fact, gain more European business over competitors who haven’t been so quick to change. The sooner you set your plans in place, the sooner you will gain trust and be able to retain more customers. You will also have made your network safer for your own benefit. In the event of a breach, you can rest easy knowing that you were proactive not only for your customers’ data but for your own as well.