New EU Data Regulation
The European Union’s (EU) General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. The goal of the new regulation is to protect all EU citizens from privacy and data breaches in an increasingly virtual and data-driven world. Under the terms of the GDPR, organizations that collect and manage personal data will be required to protect it from misuse and exploitation.
Does This Apply to My Business?
The GDPR applies to any organization that collects, processes or uses the personal data of individuals residing in the European Union, regardless of the company’s location. This is a key difference from the previous data protection policy of 1995, which only impacted businesses in the EU.
This means that if your company is located in the United States but you provide goods or services to individuals in the EU and collect their data, the GDPR applies to you. In addition, if you collect personal data from individuals in the EU, such as email addresses, but you do not provide goods or services to those individuals, your company is still subject to the new regulations.
How Can I Prepare?
Another major change in the GDPR involves consent to collect data. Per the regulation, the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Further, consent must be distinguishable from other copy, must be as easy to withdraw as it is to give, and must be presented in clear, plain language.
Review your terms and conditions and any other documents containing consent language. Be sure that the language clearly states how you collect data, how you intend to use data, and how you will notify individuals of a data breach.
The GDPR applies to almost every major organization around the world. With the addition of massive fines for noncompliance (€20 million or 4% of a company’s global revenue), ethical practices in collecting and storing personal data are paramount. To learn more and determine if your organization is ready, visit the GDPR website.