U.S. companies thrive on customer information, but a major regulatory change abroad will have significant implications for data-gathering practices here. The General Data Protection Regulation (GDPR), to be enforced on May 25, 2018, places a standard set of data protection laws across all European Union countries and covers the personal information of EU citizens. Any U.S. company preparing to access or use that personal information is subject to the regulation as well, meaning this regulation certainly can’t be ignored.
The regulation looks to ensure consistency in the way organizations handle customer information, increase visibility for consumers on how their data is being used, and update outdated data protection legislation to reflect digital progression. GDPR largely focuses on allowing consumers to know and control how their data is used, particularly for marketing purposes.
Any business that processes data from EU citizens must adhere to the GDPR regardless of the business’s location or where the data is processed. Violations come with a hefty price tag: According to a 2018 Fortune article, offenders can see fines of up to €20 million or 4 percent of worldwide annual revenue, if not higher. So American brands wanting to advertise to consumers in the EU must first understand—and ultimately comply with—the GDPR.
What’s covered in the GDPR?
For some companies, the GDPR may be an extension of current data privacy practices; for others, it may require a complete overhaul. The GDPR stipulates that companies must report security breaches. American businesses should already be prepared to report breaches to comply with state and federal regulations, but be aware that European authorities must be notified within 72 hours of any breaches concerning EU citizens. If this timeline isn’t standard procedure for your company, create a plan that ensures your cybersecurity team can respond more quickly.
The more significant changes of the GDPR involve consumers’ rights to their information. EU citizens will need to have more insight into (and more say about) how their information will be used. Terms regarding customer information must be clearer, and companies must obtain consent for each term. Additionally, consumers must have electronic access to records regarding the information a company has gathered on them. These consumers then have the right to make changes or request that data be deleted.
The GDPR goes further than current regulations in an effort to foster more trust between consumers and corporations. The GDPR is more comprehensive, allowing regulators to judge issues on a case-by-case basis. To keep your company aligned, it’s best to be diligent about assessing and updating your data privacy practices, leaving no room for errors.
How to prepare for the GDPR
If your company currently does—or plans to do—business with EU citizens, it’s time to re-evaluate how you’re handling customer information. Here are three areas to address:
1. Conduct a data protection impact assessment
To prepare for the GDPR, the best place to start is by identifying where your organization is processing data from EU consumers as well as how you’re going about it. This assessment is meant to do just that, helping companies determine which processes and practices must change to comply.
This assessment should include an evaluation of the information your organization processes, how it’s being processed, and the purpose of doing so. It should also examine the risks posed to those whose information you have as well as what steps your company is taking to safeguard against them. In the case of the GDPR, compare what you’re currently doing against the new requirements and identify steps to fix potential discrepancies.
2. Understand what third-party suppliers are doing
If you engage with third-party suppliers, you also need to investigate their data processing practices. If EU consumers are involved, your company could be held liable for any mistakes the supplier makes. This is particularly important when you consider that roughly 50 percent of companies are increasingly more reliant on third parties, according to Deloitte Global’s “Extended Enterprise Risk Management” survey, but less than a quarter of those businesses have adequate risk management in place for the extended enterprise.
Treat your assessment of your third-party supplier’s process like you would your own and suggest appropriate changes to ensure compliance.
3. Review your data protection policy
Every employee also plays a role in maintaining compliance. Your company likely has disciplinary action in place if employees violate data protection policies, but your team members must also understand that the consequences are more severe if their actions cause the company to violate the GDPR.
Make sure your employees not only understand the new protection laws but also understand why your policies and procedures are in place and what role they play in maintaining data protection. Help employees see their responsibility in the context of the bigger picture. It will better ensure that they value and uphold compliance.
While U.S. companies may think EU regulations have little relevance domestically, the GDPR applies to any organization doing business with EU citizens. Beyond just incorporating these changes into your company’s practices, you should endeavor to stay on top of further updates and changes. For example, at Acceleration Partners, we follow and participate in the International Advertising Bureau UK and the Information Commissioner’s Office to ensure our company (and our industry) is prepared. With some preparation, complying with the GDPR won’t seem so daunting.
DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared are from sources that I believe to be reliable and accurate. I did not receive any financial compensation in writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.
Bitcoin Whale Makes Historic Purchase of 1.3 Billion
The massive purchase of Bitcoin reflects a trend of growing confidence in cryptocurrencies as valuable assets for significant investment. The...
11 SEO Trends You Need to Know About in 2024
In 2024, SEO remains indispensable for marketing success. Keep pace with evolving trends to outperform competitors. So, if you’re wondering...
Guarantee Fund in Italy Brings Maximum Business Coverage to 5 Million
While awaiting this approval, it will be possible, only for SMEs and professionals, to use the new method which provides...
BitForex Exchange Suddenly Disappears and No Longer Responds to Users
It is still too early to declare whether the exchange is indeed dead or whether it will one day come...
CaSRevolution Raises 1.3 Million on CrowdFundMe to Develop Treatment for Alzheimer’s
CaSRevolution is developing a treatment for Alzheimer's disease by exploiting an innovative approach with the aim of stopping or at...
Crowdfunding2 weeks ago
Edoardo Reggiani Appointed Managing Director of ClubDealOnline
Biotech5 days ago
Gotham Insists on Projecting Its Doubts on Grifols
Fintech2 weeks ago
Why the Fintech Sector Is in the Focus of Venture Capital Investors in Chile
Business4 days ago
The TopRanked.io Weekly Digest: What’s Hot in Affiliate Marketing [Buffalo Partners]