The General Data Protection Regulation, or GDPR, is coming into effect on 25th May 2018 and many businesses are contemplating how it will affect them and what they need to do to comply.
And rightly so! There is a lot to do.
The GDPR replaces and strengthens the 1995 Data Protection Directive (95/46/EC), which the UK implemented as the Data Protection Act (DPA), and gives individuals more control over how companies use their data and what happens to it afterwards. This matters all the more given how today's cloud and internet technologies generate, gather and store individuals' identifiable information, classifying it by:
Tougher data protection laws mean harsher fines will be imposed for non-compliance or breaches and this can be up to €20 million or 4% of your global annual turnover (whichever is greater).
Depending on a company’s size and whether it is part of a group, fines could be seen in the billions of euros, potentially suffering more than one penalty if multiple violations are discovered.
Large data protection fines have been rare in the past, though not unheard of: in 2008, for example, German regulators fined 35 Lidl distribution companies a total of €1.46 million for surveillance of their staff. Once the GDPR is enforced, fines of this kind are set to become more frequent.
So, it’s imperative to start looking into how you can become compliant!
Whether your business is inside the EU or not, if it offers goods or services to individuals in the EU, or monitors their behaviour, and acts as a Data Controller or Data Processor of their personal data, the GDPR will apply to you.
Article 5(2) of the GDPR states that "the controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 ('accountability')", paragraph 1 being the data protection principles.
The principles being that Personal Data shall be:
“Accountability and Governance” is a major addition to the principles already found in the DPA and puts considerable legal obligations on the Controller, who must be able to demonstrate compliance with the six principles of Article 5(1), especially if a breach occurs. Processors, which had no direct statutory duties under the DPA, also take on obligations of their own under the GDPR.
Now, you might be thinking, "Hold on, my business isn’t even in the EU! How come I’m affected by this?”
Well, this is due to the GDPR's territorial scope (Article 3), which extends accountability to ANY Data Controller or Processor, wherever it is established, that processes the personal data of individuals in the EU in connection with offering them goods or services or monitoring their behaviour. This is designed to catch social networks, e-commerce companies and other Internet-based organisations.
Unfortunately, if you use or store identifiable information about individuals in the EU on that basis, you must be compliant too!
New legislation, a fast-approaching deadline and an intimidating penalty for non-compliance are making most businesses anxious to ready themselves for 25th May 2018.
Indeed, a study commissioned in February/March 2017 by Veritas, an American international data management company, found that 86% of the responding businesses were worried about GDPR implementation.
Companies from across the globe with EU dealings were asked a number of key questions about the GDPR. Here are the questions and the key takeaways from the responses:
"What concerns you the most about the potential fallout from your organisation not being in compliance with the GDPR?"
Answers:
"What concerns you most about readying your business for GDPR?”
Answers:
32% are concerned that they cannot manage data effectively because they lack the proper technology, which would jeopardise their ability to search, discover and review data (essential under the GDPR, for example when answering a subject access request);
39% are concerned that their organisation cannot accurately identify and locate data (again essential: the GDPR expects personal data to be located within a short time frame, for example to respond to access or erasure requests);
42% are concerned that they are unable to 'value' data by determining which data should be kept. Under the storage limitation principle, personal data may only be kept for as long as it is needed for the purpose it was collected for and must be deleted or anonymised thereafter; failing to do so is a breach that can attract a fine;
39% are worried about having to delete data from their systems (so-called dark data) that might have proved useful in the future;
30% are worried about being unprepared to protect personal data from breach, loss or damage.
"Are you worried about these factors when implementing the GDPR in YOUR business?"
Answers:
As the GDPR comes into effect soon, it is important to know who will be affected by the new regulation and what changes need to be made to make your business compliant.
Veritas said that by the time 25th May 2018 rolls around, the 900 businesses it surveyed expect to have spent over €1.3 million each, on average, to achieve compliance with the GDPR. So, how do you start the ball rolling?
Inbound FinTech is an award-winning digital growth agency and Elite-Tiered HubSpot Partner. We help FinTech businesses significantly improve their marketing performance.