In 2018, the European Union enacted a new directive to protect its citizens from having their personal information stolen or sold known as General Data Protection Regulation (GDPR). This legislation protects EU citizens, but in reality, it is a global data protection law at this point. Any businesses in the world that mishandle the personal information of an EU citizen, including something as simple as improperly tracking a cookie on your website, could be fined for non-compliance.
Those fines are not cheap. A company failing to comply with the regulation could be subject to a 4 percent forfeiture of its annual revenue. In its first year, there were 95,000 complaints from Data Protection Authorities all over the EU. It’s here to stay, so should you care?
The answer is yes. The U.S. in particular is ramping up it’s compliance regulations. They are heavily encouraging more employee education like Security Awareness Training, for example. The more employee training the better. A Managed Service Provider (MSP) can incorporate Managed Security solutions that allow your team to work as safely as possible. A lack of investment in security isn’t worth a data breach.
Many people feel that they need to decrease spending now due to COVID. An MSP will give you one flat monthly rate so you won’t have to worry about workers with a lack of commitment or hidden fees that you would deal with using a break fix model.
Of the 95,000 complaints received, telemarketing, promotional emails, and video surveillance were the top culprits. So far, three fines were issued by Data Protection Officers (DPO) for GDPR violations. The largest fine issued was in the sum of €50,000,000 for lack of consent to processing personal data.
Compliance is no joke and it can be tricky to implement. At least half of all businesses still have not migrated into the world of GDPR compliance, though they know it could end in litigation. This carries over for American companies that either employ EU citizens or service them. Even though your business is in the states, you can still get fined from across the pond.
This concept is similar to the Shield Act which will soon be incorporated into New York law. This means that no matter where you are, if you’re doing business with a company in New York you need to follow the regulations of the Shield Act. When it comes to data security you shouldn’t take it lightly. That’s why having a Managed Service Provider to handle information security can be so helpful.
Purpose of GDPR
The main idea behind GDPR is protecting citizens and consumer rights. A data breach could potentially expose extremely sensitive client information. That’s why this is a public interest issue and why GDPR requirements are so important.
Not only are businesses held responsible for storing people’s information, but they are also held accountable if any misuse occurs to that information. If data is hacked, that business is obligated to report it within 72 hours of the breach and give a detailed account of the data that was stolen. In addition, under GDPR, citizens can request to have their information taken out of data storage, and a business must comply.
Currently, social media networks and automated email services are the heaviest hit by GDPR. Facebook has seen a steady decline in European consumers. Also, it has cracked down on how people can use FB ads when targeting certain audiences. Email marketing has seen an increase of opt-outs and tighter spam regulations, changing the marketing game for many companies.
In order to become compliant with GDPR, you will need to first appoint someone as your Data Protection Officer (DPO). This person will be the point of contact and GDPR expert. They’ll need to be able to handle IT services as well as monitor all the data handling processes in your company.
Then, of course, they’ll need to be able to consistently monitor any area that may be impacted by GDPR and ensure they’re within compliance. It is highly recommended that the DPO goes through a thorough training on the subject so they know exactly what to look for when it comes to staying compliant.
GDPR is great at protecting citizens, and most professionals believe it’s only a matter of time before the United States adopts similar regulations. It’s always better to be prepared, so perhaps it’s time to look into GDPR compliance.