U.S. companies thrive on customer information, but a major regulatory change abroad will have significant implications for data-gathering practices here. The General Data Protection Regulation (GDPR), to be enforced on May 25, 2018, places a standard set of data protection laws across all European Union countries and covers the personal information of EU citizens. Any U.S. company preparing to access or use that personal information is subject to the regulation as well, meaning this regulation certainly can’t be ignored.
The regulation looks to ensure consistency in the way organizations handle customer information, increase visibility for consumers on how their data is being used, and update outdated data protection legislation to reflect digital progression. GDPR largely focuses on allowing consumers to know and control how their data is used, particularly for marketing purposes.
Any business that processes data from EU citizens must adhere to the GDPR regardless of the business’s location or where the data is processed. Violations come with a hefty price tag: According to a 2018 Fortune article, offenders can see fines of up to €20 million or 4 percent of worldwide annual revenue, if not higher. So American brands wanting to advertise to consumers in the EU must first understand—and ultimately comply with—the GDPR.
What’s covered in the GDPR?
For some companies, the GDPR may be an extension of current data privacy practices; for others, it may require a complete overhaul. The GDPR stipulates that companies must report security breaches. American businesses should already be prepared to report breaches to comply with state and federal regulations, but be aware that European authorities must be notified within 72 hours of any breaches concerning EU citizens. If this timeline isn’t standard procedure for your company, create a plan that ensures your cybersecurity team can respond more quickly.
The more significant changes of the GDPR involve consumers’ rights to their information. EU citizens will need to have more insight into (and more say about) how their information will be used. Terms regarding customer information must be clearer, and companies must obtain consent for each term. Additionally, consumers must have electronic access to records regarding the information a company has gathered on them. These consumers then have the right to make changes or request that data be deleted.
The GDPR goes further than current regulations in an effort to foster more trust between consumers and corporations. The GDPR is more comprehensive, allowing regulators to judge issues on a case-by-case basis. To keep your company aligned, it’s best to be diligent about assessing and updating your data privacy practices, leaving no room for errors.
How to prepare for the GDPR
If your company currently does—or plans to do—business with EU citizens, it’s time to re-evaluate how you’re handling customer information. Here are three areas to address:
1. Conduct a data protection impact assessment
To prepare for the GDPR, the best place to start is by identifying where your organization is processing data from EU consumers as well as how you’re going about it. This assessment is meant to do just that, helping companies determine which processes and practices must change to comply.
This assessment should include an evaluation of the information your organization processes, how it’s being processed, and the purpose of doing so. It should also examine the risks posed to those whose information you have as well as what steps your company is taking to safeguard against them. In the case of the GDPR, compare what you’re currently doing against the new requirements and identify steps to fix potential discrepancies.
2. Understand what third-party suppliers are doing
If you engage with third-party suppliers, you also need to investigate their data processing practices. If EU consumers are involved, your company could be held liable for any mistakes the supplier makes. This is particularly important when you consider that roughly 50 percent of companies are increasingly more reliant on third parties, according to Deloitte Global’s “Extended Enterprise Risk Management” survey, but less than a quarter of those businesses have adequate risk management in place for the extended enterprise.
Treat your assessment of your third-party supplier’s process like you would your own and suggest appropriate changes to ensure compliance.
3. Review your data protection policy
Every employee also plays a role in maintaining compliance. Your company likely has disciplinary action in place if employees violate data protection policies, but your team members must also understand that the consequences are more severe if their actions cause the company to violate the GDPR.
Make sure your employees not only understand the new protection laws but also understand why your policies and procedures are in place and what role they play in maintaining data protection. Help employees see their responsibility in the context of the bigger picture. It will better ensure that they value and uphold compliance.
While U.S. companies may think EU regulations have little relevance domestically, the GDPR applies to any organization doing business with EU citizens. Beyond just incorporating these changes into your company’s practices, you should endeavor to stay on top of further updates and changes. For example, at Acceleration Partners, we follow and participate in the International Advertising Bureau UK and the Information Commissioner’s Office to ensure our company (and our industry) is prepared. With some preparation, complying with the GDPR won’t seem so daunting.
DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared are from sources that I believe to be reliable and accurate. I did not receive any financial compensation in writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.
3 tips that will help you define your brand voice
How to use your kindness in the office to your advantage
Legendary American singer Aretha Franklin dies at 76
3 biggest myths about how to write a good business plan
Buying your next car? This legal advice will guide you
‘Phenomenal’ PotNetwork a ‘Strong Speculative Buy’ according to Harbinger Research
PepsiCo CEO Indra Nooyi to step down this October
How to invest in Bitcoin with your IRA
Multibillion-dollar mixed-use tourist center opens in Montenegro
5 ways you can save money by house sitting
Strengthening the cooperation among countries to generate inclusive growth
H&R Block and IBM Watson are revolutionizing tax preparation
IMF message: Interconnectedness needs to be preserved
Can we use smartphones while driving 100% safely?
Innovative electricity tech from ABB provides better life
Featured5 days ago
Investors seek help from academics to better understand sustainable investments
Business4 days ago
How technology is disrupting the metal fabrication industry
Crypto4 days ago
Survive the collapse of altcoins with these crypto investing tips
Commodities5 days ago
India may fall short of ambitious solar power capacity target by 2022: Ciril
Featured5 days ago
Jim Cramer believes US stocks stood their ground this year—here’s why
Agriculture4 days ago
Sugar, soybean and wheat prices down for the week
Featured3 days ago
10 lessons that every young entrepreneur should learn from Walt Disney
Featured3 days ago
Save your next mortgage with these handy tips