U.S. companies thrive on customer information, but a major regulatory change abroad will have significant implications for data-gathering practices here. The General Data Protection Regulation (GDPR), to be enforced on May 25, 2018, places a standard set of data protection laws across all European Union countries and covers the personal information of EU citizens. Any U.S. company preparing to access or use that personal information is subject to the regulation as well, meaning this regulation certainly can’t be ignored.
The regulation looks to ensure consistency in the way organizations handle customer information, increase visibility for consumers on how their data is being used, and update outdated data protection legislation to reflect digital progression. GDPR largely focuses on allowing consumers to know and control how their data is used, particularly for marketing purposes.
Any business that processes data from EU citizens must adhere to the GDPR regardless of the business’s location or where the data is processed. Violations come with a hefty price tag: According to a 2018 Fortune article, offenders can see fines of up to €20 million or 4 percent of worldwide annual revenue, if not higher. So American brands wanting to advertise to consumers in the EU must first understand—and ultimately comply with—the GDPR.
What’s covered in the GDPR?
For some companies, the GDPR may be an extension of current data privacy practices; for others, it may require a complete overhaul. The GDPR stipulates that companies must report security breaches. American businesses should already be prepared to report breaches to comply with state and federal regulations, but be aware that European authorities must be notified within 72 hours of any breaches concerning EU citizens. If this timeline isn’t standard procedure for your company, create a plan that ensures your cybersecurity team can respond more quickly.
The more significant changes of the GDPR involve consumers’ rights to their information. EU citizens will need to have more insight into (and more say about) how their information will be used. Terms regarding customer information must be clearer, and companies must obtain consent for each term. Additionally, consumers must have electronic access to records regarding the information a company has gathered on them. These consumers then have the right to make changes or request that data be deleted.
The GDPR goes further than current regulations in an effort to foster more trust between consumers and corporations. The GDPR is more comprehensive, allowing regulators to judge issues on a case-by-case basis. To keep your company aligned, it’s best to be diligent about assessing and updating your data privacy practices, leaving no room for errors.
How to prepare for the GDPR
If your company currently does—or plans to do—business with EU citizens, it’s time to re-evaluate how you’re handling customer information. Here are three areas to address:
1. Conduct a data protection impact assessment
To prepare for the GDPR, the best place to start is by identifying where your organization is processing data from EU consumers as well as how you’re going about it. This assessment is meant to do just that, helping companies determine which processes and practices must change to comply.
This assessment should include an evaluation of the information your organization processes, how it’s being processed, and the purpose of doing so. It should also examine the risks posed to those whose information you have as well as what steps your company is taking to safeguard against them. In the case of the GDPR, compare what you’re currently doing against the new requirements and identify steps to fix potential discrepancies.
2. Understand what third-party suppliers are doing
If you engage with third-party suppliers, you also need to investigate their data processing practices. If EU consumers are involved, your company could be held liable for any mistakes the supplier makes. This is particularly important when you consider that roughly 50 percent of companies are increasingly reliant on third parties, according to Deloitte Global’s “Extended Enterprise Risk Management” survey, but fewer than a quarter of those businesses have adequate risk management in place for the extended enterprise.
Treat your assessment of your third-party supplier’s process like you would your own and suggest appropriate changes to ensure compliance.
3. Review your data protection policy
Every employee also plays a role in maintaining compliance. Your company likely has disciplinary action in place if employees violate data protection policies, but your team members must also understand that the consequences are more severe if their actions cause the company to violate the GDPR.
Make sure your employees not only understand the new protection laws but also understand why your policies and procedures are in place and what role they play in maintaining data protection. Help employees see their responsibility in the context of the bigger picture. It will better ensure that they value and uphold compliance.
While U.S. companies may think EU regulations have little relevance domestically, the GDPR applies to any organization doing business with EU citizens. Beyond just incorporating these changes into your company’s practices, you should endeavor to stay on top of further updates and changes. For example, at Acceleration Partners, we follow and participate in the International Advertising Bureau UK and the Information Commissioner’s Office to ensure our company (and our industry) is prepared. With some preparation, complying with the GDPR won’t seem so daunting.
DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared is from sources that I believe to be reliable and accurate. I did not receive any financial compensation in writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.