General Data Protection Regulation (GDPR)
“After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance may face heavy fines.”
(From the eugdpr.org website https://www.eugdpr.org 5/2/18)
You may wonder what GDPR means to you and your company.
According to the eugdpr.org website’s FAQs, under the question “Who does the GDPR affect?”:
“It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”
Therefore, although yours may be a US-based company, location may not relieve your company from meeting this new law’s requirements going into effect on May 25, 2018.
Here is a further description of the law’s intent as described on the EUGDPR.org website:
“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”
The GDPR has been in the works in the EU for a few years. It comes on the heels of the Cambridge Analytica / Facebook user record breach and other data breaches that have exposed the data of literally billions of individuals to unknown parties, so we as consumers and as business leaders must pay attention.
From a consumer perspective, one may feel that protecting their personal data is daunting at best, considering the number of data breaches already reported.
As businesses, when we communicate with our customers through the variety of channels available, such as websites, social media, e-mail marketing, digital ads, and more, we have a responsibility to follow protocols that protect the citizens who engage with us online, and we are tasked with complying with the laws put in place to protect them.
We encourage business leaders to become informed of GDPR requirements. Because there are very few barriers in the digital realm, a US-based company can easily find itself exchanging data with a client who may fall under the protection of the EU’s GDPR umbrella. And the fines for non-compliance are significant.
Here is a link to learn more about how the GDPR may impact all American businesses in consumer data procedures.