One of the most significant series of regulations to go into effect regarding consumer data security and privacy, at least for consumers residing within the European Union, is the General Data Protection Regulation (GDPR).
Reciprocity Labs describes it best: “the GDPR is now a reality that is expected to significantly change the way organizations process personal data and respond to data breaches.”
The GDPR is a serious new regulation that covers a vast arena of subjects when it comes to consumer privacy, and you’ll pay a hefty price for not being in compliance.
Here are the top things that you need to know about the new GDPR regulations:
It’s Already In Effect
The GDPR officially went into effect on the 25th of May, 2018, so it is in effect as you are reading this. If you haven’t yet taken the necessary steps to become compliant, you’ll want to change that, because as we’ll soon see the penalties for not being compliant are incredibly steep.
There’s A Good Chance It Applies To You
Is your business physically located in the European Union? Do you sell products or services to consumers who live in the European Union? Do you monitor people’s behavior in the European Union? Is your business registered in a country in the European Union?
If you answered yes to just one of those four questions, the GDPR affects you directly and you will need to be compliant with it. Yes, this means that even if you sell only one product to one person who resides in the EU, you fall under GDPR regulations.
You Must Obtain Consent From Consumers
Specifically, you need to obtain consent from European Union customers in order to store their data, and you can only store the particular data that you receive consent for.
Gone are the days where EU consumers can give you their data, such as their address or bank account number, without having to sign a consent form. If you obtain the data from any person living in the EU without their express consent, you’ll be subject to penalties.
You Must Report Data Breaches
If you have a data breach at your business, you will need to report it to the GDPR authorities right away and immediately take action to correct it.
Furthermore, especially if you run a large company or corporation, it would be wise to hire a DPO (Data Protection Officer) who will be tasked with ensuring that your company is compliant with the GDPR and can report to the authorities directly.
The Penalties Are Unforgiving
‘Unforgiving’ is actually putting it rather lightly. If it is discovered that your company is violating the regulations set by the GDPR, you will be fined either twenty million Euros or $5 of your global turnover, whichever is larger.
Staying In Line With The GDPR Regulations
The new GDPR regulations are simply not something you can afford to ignore, possibly quite literally. They are a part of reality now, so if you haven’t yet taken the time to ensure that you are compliant, you’ll want to get on that right away.