In May 2018, the European Union's General Data Protection Regulation, or GDPR, came into force. It replaced an earlier directive and, as a regulation, applies directly in every member state; its purpose is to protect people in the EU from having their personal information stolen, sold or otherwise misused. It protects EU residents, but its reach is effectively global. Any business anywhere in the world that mishandles the personal data of someone in the EU, including something as routine as setting a tracking cookie on a website without a lawful basis, can be fined for non-compliance. Those fines are not cheap: the top tier is up to 4 percent of a company's annual worldwide turnover or €20 million, whichever is higher. In its first year, the data protection authorities (DPAs) across the EU received roughly 95,000 complaints.
It’s here to stay, so should you care?
Of the 95,000 complaints received, telemarketing, promotional e-mails and video surveillance were the top subjects. In that first year only a few fines had been issued by DPAs for GDPR violations; the largest was €50,000,000, imposed for processing personal data without valid consent. Compliance is no joke and it can be tricky to implement. Around half of all businesses still have not migrated into the world of GDPR compliance, even though they know it could end in litigation. This applies equally to American companies that employ people in the EU or sell to them. Even though your business is in the States, you can still be fined from across the pond.
The main idea behind GDPR is protecting the privacy rights of individuals and consumers. Businesses are held responsible not only for how they store people's information, but also for any misuse of that information. If personal data is breached, the business is obligated to notify its supervisory authority within 72 hours of becoming aware of the breach, describing the nature of the breach, the categories and approximate number of people and records affected, and the likely consequences; where the breach poses a high risk to the people concerned, it must also inform them directly. In addition, under GDPR individuals can request that a business erase their personal data, and in most circumstances the business must comply, unless it still has a lawful reason to retain it.
Currently, social media networks and automated e-mail services have been hit hardest by GDPR. Facebook has seen a steady decline in European users, and it has tightened how advertisers can target particular audiences with Facebook ads. E-mail marketing has seen an increase in opt-outs and tighter rules on unsolicited mail, changing the marketing game for many companies.
In order to become compliant with GDPR, one of the first steps is to appoint a data protection officer, or DPO. The regulation makes a DPO mandatory for public authorities and for organizations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data; many other businesses appoint one anyway. This person will be the point of contact for regulators and for the people whose data you hold, and the company's GDPR expert. They need to understand the IT systems involved and monitor all of the data-handling processes in your company, and they must be able to do so independently. Then, of course, they need to consistently monitor any area that may be affected by GDPR and ensure it remains within compliance. It is highly recommended that the DPO goes through thorough training on the subject, so they know exactly what to look for when it comes to staying compliant.
GDPR is effective at protecting individuals, and most professionals believe it is only a matter of time before the United States adopts similar regulations. It is always better to be prepared, so perhaps it is time to investigate GDPR compliance further. The technology experts at AJTC can help you understand GDPR and how your business can remain compliant with the law. Contact AJTC today to learn more about IT security and other services. You may also visit AJTC here or call 708.942.8200.