First question… What is GDPR?
It stands for General Data Protection Regulation, and it’s a new standard for the way in which companies manage and maintain their customers’ data within the European Union. It goes into effect on May 25th. Second question, as a U.S. based company, do you really care?
You probably should. As a starting point, I’d suggest reading the following article:
A quick summary of the article is that any U.S. based company that has a web presence and sells products as the result of web contacts needs to review their data practices and how the GDPR might impact them.
In a recent webinar hosted by BrightTalk, entitled “Getting Ahead of the Compliance Curve”, the presenters stressed that full implementation requires a combination of technical and organizational measures to protect your data. Part of that could be encryption, but operational processes are also required to ensure complete compliance. As part of that, two key implementation points are the “right to be forgotten” feature, and the requirement that all data breaches must be reported within 72 hours.
Once in place, the GDPR is positioned to impose significant fines for non-compliance. One report indicates that fines can be up to 4% of your annual global revenue. Another example is that if a company is breached and credit card information is accessed, the fine could be in the neighborhood of $3/card breach. Simple arithmetic shows how quickly the fine can go up based on the size of your breach.
Confused? Concerned? We can help. It all starts with understanding current practices within your environment, assessing them against the requirements of GDPR, and determining what needs to happen next. Call us at 651-429-9991 and we can help. After all, our mission is Helping Businesses Stay In Business!
Rolling out GDPR - Are you ready for May 25th?