Are You Prepared for the Data Privacy Laws?
Blog, Business Tools, General Topics - March 15, 2017, admin
The EU General Data Protection Regulation (GDPR), which applies from 25 May 2018, places strict requirements on how personal data is collected, used and protected.
American companies doing business in the European Union must comply with the GDPR even if they have no physical presence in the EU: if they offer goods or services to EU residents, even if only through online sales, the GDPR applies to them.
The cost of non-compliance can be enormous: fines can reach 4% of a company's total worldwide annual turnover or €20 million, whichever is higher. It can take up to 16 months for a medium-sized organization to become compliant, and large organizations have already started preparing.
Fines of this scale could very easily lead to business insolvency and, in some cases, closure.
The GDPR expands the definition of personal data well beyond what people in the USA think of as Personally Identifiable Information. For example, in the USA, PII is usually thought of as information used to easily identify you, such as name, address, date of birth, social security number, credit card number, passport number, mother’s maiden name, etc.
In contrast, the GDPR applies much stricter rules to protect the personal data of people in the EU. In addition to the expected personally identifiable information, the GDPR also treats as personal data genetic data, health records, online identifiers such as a computer's IP address or a mobile device ID, and biometric data such as fingerprints or the facial-recognition data used to unlock a device or to index photos on a phone.
Data breaches are commonplace and increase in scale and severity every day. As Verizon's 2016 Data Breach Investigations Report states, "no locale, industry or organization is bulletproof when it comes to the compromise of data", so it is vital that all organizations are aware of their new obligations so that they can prepare accordingly.
It is also advisable to map how personal data flows through your business processes and to determine which of those flows must change to align with the GDPR.
Where the GDPR requires a Data Protection Officer, one can be engaged through the "German Association for Data Protection", and companies can contact the "German Association for Data Protection" for any help with European data protection.