May 25 is Deadline to Comply with the EU’s General Data Protection Regulation

Along with losing weight and exercising more, your 2018 New Year’s resolutions should include this: Get your company compliant with the General Data Protection Regulation by May 25.

Or else?

Or else your company could face €10 million to €20 million in fines – not to mention risk a public relations nightmare.

BACKGROUND

The European Union Parliament adopted the GDPR in April 2016 to protect personal data of EU citizens and regulate how such data may be used. This regulation applies not only to organizations — data controllers and data processors — located within the EU. It also applies to those outside the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. (This means you!) The exception is organizations in the United Kingdom, which is expected to have its own, similar regulation post-Brexit.

Parliament said in a news announcement at the time that the GDPR aims “to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era.”

Provisions include a user’s “clear and affirmative consent” to the processing of private data; a user’s right to transfer data to another service provider and to know when their data has been hacked; access to privacy policies that are explained in clear and understandable language; and stronger enforcement and high fines as a deterrent to breaking the rules.

RELEVANT DEFINITIONS

Personal data is any information related to a natural person or data subject that can be used to directly or indirectly identify the person. It can be anything: a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

A data controller is the entity that determines the purposes, conditions, and means of the processing of personal data. A data processor is an entity which processes personal data on behalf of the controller.

WHAT YOU SHOULD DO

Experts agree GDPR awareness is crucial from top to bottom of an affected organization. You need to educate personnel and establish protocols. Do you have an emergency handbook for coping with data breaches? This is the time to consider one. In some circumstances, you may need to appoint a Chief Data Protection Officer.

Other recommended steps are reviewing and documenting your data security procedures. Have you done a security audit or penetration test lately?

Note, too, that the GDPR requires that servers which hold or process any personal data be within compliant facilities.

If all this seems overwhelming, don’t worry. Consultants are available to help. Some experts even point out that any expense you may incur adding help for GDPR compliance will likely be far below what you’d pay in penalties for non-compliance.

ABOUT THOSE FINES

Fines are case-specific and reportedly will be given mostly when violations result in real damage. Violators should be ready to shell out up to €10 million to €20 million, based on different sections of the regulation: those about having the user’s consent correctly registered, holding the correct authoritative certifications to process sensitive data (like the correct PCI-DSS level to process credit card information), and so on; or those about violating rights and freedoms of data, meaning things like cross-border data transfers, handling and securing personal data, and transparency on why and how you handle data.

 


For more information about this topic or ways to more effectively leverage your data, contact your InfoTrust Consultant today.
