What is GDPR?
At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
If your company does any form of trade with customers within the EU, then GDPR rules will apply to you.
Failure to comply could result in organizations being fined up to 20 million euros or four percent of annual global turnover – whichever is higher.
Why is the GDPR needed?
Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it, and those people often have malicious intent.
Under the terms of GDPR, not only will organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners or face penalties for not doing so.
Will the GDPR impact my company?
The short answer is that if your company does any form of trade with customers within the EU, then GDPR rules will apply to you. To ensure that your business is GDPR compliant, it is essential that you review your consent policies and procedures to verify that these meet the new higher standards.
The risk to your company? High levels of fines as well as damage to your brand and reputation.
What are the new requirements?
Privacy by Design – Privacy by Design (PbD) has always played a part in EU data regulations. But with the new law, its principles of minimizing data collection and retention and gaining consent from consumers when processing data are more explicitly formalized.
Data Protection Impact Assessments (DPIA) – When certain data associated with data subjects is to be processed, companies will first have to analyze the risks to those subjects' privacy. This is another new requirement in the regulation.
Right to Erasure and To Be Forgotten – There’s been a long-standing requirement in the DPD allowing consumers to request that their data be deleted. The GDPR extends this right to include data published on the web. This is the still controversial right to stay out of the public view and “be forgotten”.
Extraterritoriality – The new principle of extraterritoriality in the GDPR says that even if a company doesn't have a physical presence in the EU but collects data about EU data subjects — for example, through a website — then all the requirements of GDPR are in effect. In other words, the new law will extend outside the EU. This will especially affect e-commerce companies and other cloud businesses.
Breach notification – A new requirement not in the existing DPD is that companies will have to notify data protection authorities within 72 hours after a breach of personal data has been discovered. Data subjects will also have to be notified, but only if the breach poses a "high risk to their rights and freedoms".
Fines – The GDPR has a tiered penalty structure that will take a large bite out of an offender's funds. More serious infringements can merit a fine of up to 4% of a company's global revenue. This can include violations of basic principles related to data security — especially PbD principles. A lesser fine of up to 2% of global revenue — still enormous — can be issued if company records are not in order or if a supervisory authority and data subjects are not notified after a breach. This makes breach notification oversights a serious and expensive offense.
Our Service Process
We understand the new GDPR compliance requirements and can make sure that your organization complies with them. You won't need to know the letter of the regulation and risk fines for misunderstanding or misinterpreting it, because you will have used our services to turn complex legislation into simple implementation plans.