GDPR Basics for Tucson Businesses: What You Need to Know
On May 25, 2018, the European Union’s (EU’s) General Data Protection Regulation (GDPR) came into full force. It is the most important change in data privacy regulation in 20 years, replacing the Data Protection Directive 95/46/EC.
While giving the citizens of the 28 EU countries more control over their personal data, the GDPR also simplifies data regulations for both local and international businesses by establishing a single regulation that applies across the EU.
Despite the fast-approaching implementation date, there is still much confusion surrounding the GDPR, especially in terms of what it means and what businesses should do about it. In fact, it was found that 84% of SMEs are still unaware of these policies, which might have something to do with the fact that the entire policy is 200 pages long. With this in mind, Gartner predicts that by the end of 2018, more than 50% of companies will not be in full compliance with its requirements.
As a business owner, here are the basics you need to know about the GDPR.
What is the GDPR?
In a nutshell, the GDPR looks out for the data privacy of individuals by requiring businesses and organizations to provide and develop clear policies to protect personal data. It also pushes them to adopt appropriate technical and organizational measures.
GDPR was built around two key principles:
- Simplifying and harmonizing directives for international businesses by unifying the regulations within the EU
- Giving EU citizens and residents more control over their personal data.
In fact, under the GDPR, explicit consent is required before companies can process personal data, and citizens can request access to their data or information about how it is used. The GDPR also grants citizens the ‘right to be forgotten’. This means that if they do not want you to process their personal data, or if you have no legal grounds for keeping the data (for example, if a person is no longer a client of your company), you must respect their decision.
Companies that are not compliant with the GDPR can be fined up to 20 million euros (about US $24 million), or 4% of global revenues—whichever is greater.
Will this Affect US Businesses?
One criticism of the GDPR is that it does not define its territorial scope adequately. But in a nutshell, the GDPR applies to any business that processes data from citizens of the EU. Put simply, yes, the GDPR affects US-based businesses.
Before you get too worried, Article 3 of the GDPR states that the rule only applies if you collect personal data from an EU citizen within EU borders. But if the EU citizen is outside of the EU, GDPR does not apply.
Any breach of personal data must be reported to the regulator within 72 hours (within 24 hours, if possible).
Final Thoughts: GDPR Basics for Businesses
With so much recent news about data breaches, the GDPR is a step in the right direction on controlling data privacy and will change the way Europeans approach data privacy. Once this is implemented and proves successful, there’s no doubt that more countries will follow suit.
Learn more about the GDPR on the EU’s website about this new policy.