If you live just about anywhere outside of Europe, it's possible that you've heard whispers about the GDPR (General Data Protection Regulation). Maybe you've never heard of it, or believe that it doesn't affect you. To be fair, 30% of organizations, in Europe and elsewhere, say they don't understand the difference between the existing data act and the upcoming GDPR.
If you're not familiar, here's what's happening:
GDPR is the first EU-wide regulation that unifies European data privacy laws and addresses personal data protection rights of residents, so that European citizens have full control over the data that is collected and stored about them. If your organization is in Denmark or Australia, America or Japan, GDPR will affect the way your organization handles personal data of European citizens, a big chunk of which likely lives on your website.
According to a PwC Pulse Survey, more than half of surveyed US companies that work across continents listed GDPR preparation as a top priority. In fact, 77% of companies say they plan to spend $1 million to prepare, and 10% plan to spend $10 million or more. But this doesn't mean that the US is in the clear. While US organizations lead non-EU countries in making progress toward GDPR compliance, only 22% of surveyed US companies have finished preparation, meaning many organizations still have a long way to go.
Regardless of where you are in the world, here are some things you should be aware of before May 25, 2018:
- GDPR mandates that organizations efficiently and accurately demonstrate that they are protecting the personal data of their customers. While this may sound straightforward, it becomes very difficult as many organizations manage and process data through third-party organizations.
- Even if you have just one Europe-based customer, failure to comply with GDPR could result in fines of up to 23 million USD (or 20 million EUR) or 4% of your organization's annual turnover, whichever is greater.
- It may seem like GDPR is a compliance issue, but most importantly, it's an accountability issue. GDPR places responsibility for possible data breaches squarely on organizations.
GDPR is a major change, but there isn't really a way out of it. In fact, businesses outside of the EU could be putting themselves at a major disadvantage if they don't comply. Bottom line: because GDPR is about protecting the data of the customer, anyone who does business with EU citizens is at risk of some serious fines if they don't comply.
Is GDPR good or bad for North American business?
"In a global economy, protecting personal data makes good business sense," says Angelo Spenillo, General Counsel at Siteimprove. Although a regulation like GDPR isn't convenient, what regulations are? In the grand scheme of things, if a regulation makes businesses more thoughtful in their data collection, administration, and retention methods, then everybody wins.
Spenillo has faith that GDPR will make for a more trusting relationship between company and customer, adding, "Individuals will have confidence that the business is securely using personal data for a well-defined purpose and organizations will know that they are obtaining quality data tailored to their needs."
Simply put, the road to GDPR compliance may be a complicated one, but not only will it help you escape some serious fines, it's also the right thing to do.
Interested in learning more about how GDPR affects you and what you can do? Register for Siteimprove's free webinar, How the EU's New GDPR Requirements Affect North American Companies.