The General Data Protection Regulation (GDPR) is a European regulation that is coming into effect on the 25th of May. The regulation contains sweeping changes and wholly replaces Europe's 1995 Data Protection Act, which was only introduced four years after the public got widespread access to the first stages of the World Wide Web. But what are the key components of GDPR, why is it important for businesses around the world and how is it already affecting your business?
What is GDPR?
GDPR is a European regulation that applies to all European Union member states, from France to Estonia. Its primary objectives are to establish data protection as a fundamental human right, to strengthen baseline data protection requirements and to provide a standardized suite of data protection rules. The effect GDPR could have on the entire globe is enormous. The EU's GDPR legislation focuses on empowering the digital rights of consumers and imposes much harsher penalties on businesses that fail to report security breaches. Although this is European legislation, it directly affects any business (including your own) that interacts with any European resident, including by storing and processing European residents' data. This means that if you sell or post anything to Europe, sell European realty within Europe or provide any kind of open services that Europeans could access, you are subject to GDPR and, in extreme circumstances, you could be subject to upwards of €20 million ($24 million) in fines.
Why is GDPR being implemented?
GDPR and generally increased data security have become a necessity in the 21st century. Stories such as the recent Cambridge Analytica scandal or the Equifax hack hoax, which has affected up to 143 million Americans, have made it clear to the public that increased data protection is a necessity. Although GDPR was put together and adopted by the European Parliament and Council in April of 2016, the issues then, just like the issues now, highlight how important this is. It is also being implemented because the 1995 Data Protection Act is now seen as incredibly out of date, drawn up for a digital world facing different, rather outdated issues.
How is it affecting your business, and what can you do?
As mentioned above, if your business is not GDPR compliant and is handling European citizen data, you could be facing some pretty hefty fines. In fact, most European citizens acknowledge that GDPR is a good thing for them, with 82% of European consumers ready to apply their new rights when GDPR becomes live. If you're not compliant, you will face fines unless you remove your business from all potential interaction with Europe. Either option will cost you a lot of money.
Becoming GDPR compliant will involve a thorough investigation into your company's data practices, and possibly the creation of new roles specific to data security. It will be a lot of work but, considering a significant number of American businesses are not yet compliant and are not showing evidence of attempting to become compliant, it will put you ahead of many other businesses before they even realise it.
GDPR is a significant piece of legislation, and it's a shining example of how globalization is forcing more and more businesses to pay attention to the actions and legislation of other territories. It's an important step for increased data security, and it's providing a lot of new opportunities for businesses that tackle the regulation, even making them more appealing to consumers.