In 2018, the European Union enacted a data directive, the General Data Protection Regulation (GDPR), that protects citizens’ personal information from being stolen or sold online. This legislation safeguards EU citizens, but in practice it is a global law. Any business that mishandles the personal information of an EU citizen potentially faces fines for non-compliance. This includes something as simple as improperly tracking a cookie on a website. Why be concerned? These fines are not small. A company failing to comply could be subject to a four percent forfeiture of annual revenue. In its first year, Data Protection Authorities (DPAs) from all over the EU received over 95,000 complaints. It’s here to stay, so listen up.
GDPR’s purpose is to better protect citizens and consumer rights. Businesses are responsible for storing people’s information and are held accountable if any misuse of that information occurs. If data is hacked, the business must report it within 72 hours and give a detailed account of the data that was stolen. In addition, under GDPR, citizens can request to have their information removed from data storage, and businesses must comply.
Telemarketing, promotional emails, and video surveillance receive the most complaints. Three major fines have been issued for lack of consent to processing personal data. The largest we have seen issued so far is in the sum of €50,000,000. Social media networks and automated email services have experienced the biggest fallout from complaints. European consumers have left Facebook in droves. Facebook advertisers must adapt to new targeting rules. Opt-outs and tighter spam regulations have changed the marketing game for many companies.
Compliance is no joke and it can be tricky to implement. Half of all businesses still have not migrated into the world of GDPR compliance, despite knowing it could end in litigation. This carries over to American companies that either employ EU citizens or service them. Even though your business is in the States, you can still get fined from across the pond.
In order to become compliant with GDPR, appoint someone as your Data Protection Officer (DPO). This person will be the point of contact and GDPR expert. They’ll need to be able to handle IT services as well as oversee the data handling processes in your company. On top of that, they’ll need to consistently monitor any area that may be impacted by GDPR to ensure compliance. The DPO should go through thorough ongoing training so they know exactly what to look for when it comes to staying compliant. If you don’t have someone on staff to fill this role, you can turn to a Managed Service Provider for outside assistance.
GDPR is great at protecting citizens. Most professionals believe it’s only a matter of time before the United States adopts similar regulations. It’s always better to be prepared. Whether you interact with citizens in the EU or not, perhaps now is the time to understand GDPR compliance.