The European Union's General Data Protection Regulation (GDPR) has a significant impact on those doing business internationally. Are you prepared?
In May 2018, the GDPR went live, providing one set of personal data protection rules for companies doing business that involves European Union (EU) citizens, wherever the companies are based. If you work with EU clients or have EU-based operations, you need to conform to the GDPR to avoid costly infractions. Fines of up to 4% of your annual global turnover can be assessed for breaching GDPR regulations.1
What personal data is affected? The GDPR pertains to any personal information of an identifiable living EU resident. It includes name, address, identification numbers, personal email and IP addresses, cookie identifiers, mobile phone location data, and more. GDPR protections are technology-neutral; they apply to personal information regardless of the data processing technology used. The regulation extends to data subjects (clients, employees, and all other contacts) residing in the EU.
The GDPR updates consent rules and practices. Compliance with the GDPR requires you to gain consent from data subjects to keep and use their data. Your request for consent must be easy to understand and stripped of all jargon and legalese. Consent must be distinguishable from other matters pertaining to the data subject, who should be able to easily withdraw consent.
Data subjects gain new rights from the GDPR. Data subjects must be notified within 72 hours of data breaches that put their rights and freedoms at risk. Subjects have the right to know what personal data is being processed, and where and why it is being processed. They also have the right to receive their personal data or have it erased.2
Data privacy must be designed into systems. Your IT systems must implement appropriate organizational and technical measures to keep subject data private. The regulations require you to process and keep only the data absolutely necessary to your operational needs, and that data should be suitably safeguarded from unnecessary access.
Financial advice for a world of opportunities. Whether you need financial advice or professional consulting, contact me for the best ideas on securing personal information.