GDPR Is Almost Here – Are You Ready?

General Data Protection Regulation (GDPR) is a European Union (EU) regulation designed to protect European citizens’ personal data and place more stringent rules on those who handle that data.

These rules go into effect in just a few days, on May 25, so time is running out.

What US Companies Need to Know

Even if a US company has no direct EU operations, it may still need to comply with GDPR. According to legal experts, “[GDPR] applies to any company that has personal information of EU residents or citizens or that conducts business in the EU, regardless of its home country.”

Once GDPR goes into effect, organizations will no longer be allowed to collect, process or use an EU citizen’s data without explicitly asking for consent and providing context on how the data will be used. In general, this means a company must limit the use of the personal data and maintain it securely. Specifically, this means:

  • Explicit consent is required for each processing activity. For example, many websites that use cookies to track information about site visitors have begun using a small alert (like this one from CNN) to notify visitors to their site about how they track user data. Action Item: Review and (if necessary) update your privacy policy and terms of use, then consider adding a similar alert to your site.

  • Customers will be able to ask companies for the information they hold on them — via a “subject access request” — and businesses will have to provide this for free. Action Item: Establish an efficient internal protocol for handling such requests.

  • Data subjects have the right to be “forgotten” — to have their data expunged. And they may revoke consent at will. Action Item: Establish clear and actionable processes for deleting data.

Fines for Noncompliance Can Be Steep

Organizations can be fined up to 4 percent of global revenue for noncompliance. These fines will vary depending on the specific transgression, however, and we don’t yet know how strictly the EU will enforce the new regulations.

Despite these unknowns surrounding GDPR, it’s important for American companies to take action now. This is advisable not just for legal reasons, but also because adherence to GDPR should lead to greater customer trust and loyalty.

Contact Pierpont today for more advice on how to prepare for and be compliant with GDPR.

Additional Resources

The GDPR Soon Will Go Into Effect, and U.S. Companies Have to Prepare, from Epstein Becker & Green, P.C.

General Data Protection Regulation (GDPR) requirements, deadlines and facts: from CSO Online.

The key steps to GDPR compliance, from IT Governance.

Chris Ferris, Ph.D. and Pierpont’s Vice President of Digital Strategy, is an innovative communication leader passionate about digital marketing and customer-focused technologies. Outside the office, he is a lecturer in management at the Jones Graduate School of Business at Rice University (Rice Business), where he teaches a self-designed digital marketing course for MBA students.