The General Data Protection Regulation (GDPR) went into effect on May 25, 2018. The regulation aims to strengthen the data rights of EU residents, increase fines for misusing customer data, and make it easier for people to uncover what data companies collect on them and to prevent such collection if they so choose. Since GDPR is already in effect, if you haven’t taken the time to get up to speed, now is the time to educate yourself.
Who is Bound by GDPR?
Every company, no matter where they or their servers are located in the world, must adhere to GDPR if they conduct business with anyone located in the European Union. This means that even if only a fraction of a percentage of your customers come from the EU, you must be compliant.
Personal data under GDPR includes basic database information such as an EU customer’s home address, email address, mobile station international subscriber directory number (MSISDN), fingerprints or facial images. Furthermore, if your organization analyzes personal data collected by third parties and any of that data comes from the EU, you are still on the hook. Penalties for violating the GDPR are harsh: as much as €20 million (about US$23 million, as of this writing) or 4 percent of your organization’s annual global revenue, whichever is greater.
Successfully Navigating GDPR
Transparency is the name of the game when it comes to GDPR compliance. For example, rather than forcing users into your newsletters and offers and requiring them to opt out, you must adopt the policy that opt-in is the only way to go. If you have not run a full-scale re-engagement campaign to get opt-ins from your EU customers, now is the time to do so, especially if you purchased any portion of your database or if any amount of data you collected was from scraping.
Under GDPR, EU citizens also have the “right to be forgotten,” which means you must delete their information immediately upon request. Those users will also have the right to receive their data in a machine-readable format, and take it with them anywhere. For many companies, this has meant making serious investments in their infrastructure. Finally, companies that have EU users or customers must inform users of a data breach within 72 hours of uncovering the breach, so in many cases, companies have had to develop new crisis plans.
GDPR has been a lot of work and has caused a lot of headaches for US-based companies, but only a few high-profile organizations have chosen to back out of doing business with the EU. Most companies have accepted GDPR and are anticipating similar regulations to spread around the globe, and are making the necessary adjustments to ensure compliance.
Are You Looking for IT Talent?
If your business is looking for tech pros who can help you stay compliant, the award-winning team at Talon can help. Contact us today to learn more about the ways we can help you achieve your IT staffing goals.