The General Data Protection Regulation (GDPR) is a European Union (EU) regulation designed to protect European citizens’ personal data and place more stringent rules on those who handle that data.
These rules go into effect in just a few days, on May 25, so time is running out.
What US Companies Need to Know
Even if a US company has no direct EU operations, it may still need to comply with GDPR. According to legal experts, “[GDPR] applies to any company that has personal information of EU residents or citizens or that conducts business in the EU, regardless of its home country.”
Once GDPR goes into effect, organizations will no longer be allowed to collect, process or use an EU citizen’s data without explicitly asking for consent and providing context on how the data will be used. In general, this means a company must limit the use of the personal data and maintain it securely. Specifically, this means:
Customers will be able to ask companies for the information they hold on them — via a “subject access request” — and businesses will have to provide this for free. Action Item: Establish an efficient internal protocol for handling such requests.
Data subjects have the right to be “forgotten” — to have their data expunged. And they may revoke consent at will. Action Item: Establish clear and actionable processes for deleting data.
Fines for Noncompliance Can Be Steep
Organizations can be fined up to 4 percent of global revenue for noncompliance. These fines will vary depending on the specific transgression, however, and we don’t yet know how strictly the EU will enforce the new regulations.
Despite these unknowns surrounding GDPR, it’s important for American companies to take action now. This is advisable not just for legal reasons, but also because adherence to GDPR should lead to greater customer trust and loyalty.
Contact Pierpont today for more advice on how to prepare for and be compliant with GDPR.
The GDPR Soon Will Go Into Effect, and U.S. Companies Have to Prepare, from Epstein Becker & Green, P.C.
The key steps to GDPR compliance, from IT Governance.
Chris Ferris, Ph.D. and Pierpont’s Vice President of Digital Strategy, is an innovative communication leader passionate about digital marketing and customer-focused technologies. Outside the office, he is a lecturer in management at the Jones Graduate School of Business at Rice University (Rice Business), where he teaches a self-designed digital marketing course for MBA students.