For nearly a year, everyone has heard about the European Union’s General Data Protection Regulation and how it’s going to change the way data is collected and protected. As the May 25th deadline approaches, businesses in the US need to know whether they must comply with GDPR requirements.
What Is the GDPR?
The European Union (EU) created the General Data Protection Regulation (GDPR) in an effort to protect the personal information of people in the EU. This includes medical information, email addresses, financial data and anything relating to children. The new regulation will go into effect on May 25th, 2018.
According to the GDPR, businesses must notify an EU regulator within 72 hours once they have determined that a breach has affected a person’s information. Organizations that don’t comply will be met with huge fines and penalties. Gartner has estimated that by the end of 2018, over 50% of businesses won’t be compliant.
Will It Affect US Businesses?
Any organization that collects personal data from anyone in the EU or is actively targeting EU markets must comply with GDPR requirements even if a financial transaction doesn’t take place. To be “actively targeting” means that their website addresses EU customers, accepts their currency or is in their language. Typically, this will be companies in the travel, software, and ecommerce industries.
Even if American businesses aren’t affected by the GDPR, they should still consider implementing the same regulations, as doing so will give them a competitive advantage. Plus, it will protect them from potential lawsuits, reputation damage, and more. Already, many organizations in the US have compliance requirements they must meet, such as HIPAA and SOX.
Data regulation is not going away. Instead, we’re going to see an increase in governance concerning personally identifiable information.
Here Are Some Facts You Need to Know About the GDPR:
1. EU citizens are not protected by the GDPR if they are not in the European Union when they share their information.
2. People can ask for their personal data to be deleted if it’s no longer required.
3. Organizations must be able to provide detailed information on how personal data will be used as well as proof of consent.
If you have any questions or are unsure if you must comply with the GDPR, then give us a call at 704-658-1707 or email us at firstname.lastname@example.org.