GDPR Requirements: What They Mean for US Companies
Protect your customers from data security and data privacy dangers, or else: That’s the primary message of the EU’s General Data Protection Regulation, which goes into effect this coming May. Yes, the GDPR requirements will only apply to European companies and companies that do business with European clients, but company leaders should think twice before deciding the deadline doesn’t affect them. Here’s why.
A company’s European customer component may not be as small as some CEOs believe.
The protections of the GDPR apply not just to European residents, but also to all of the data that belongs to them, no matter where that data is processed. Some companies handle or process data as subcontractors and may not know exactly where the owners of that information reside. Unless they’re absolutely sure of the origins of every one of their clients, all businesses should take the GDPR deadlines seriously, or…
Non-compliant companies will face serious fines and penalties.
Companies that flout the mandates of the GDPR or let things slide until the deadline looms on the horizon may feel an impact so strong that it undermines their financial stability. The European Commission is serious about data protection in our modern age of threats, and compelling cooperation means levying heavy consequences for those who resist change. Fines may include four percent of a company’s annual revenue or 20 million euros, whichever is greater.
Basic GDPR recommendations are more manageable than some companies recognize.
There’s no need to feel intimidated or overwhelmed by the steps involved in protecting customer data and meeting the standards of the new law. In fact, the basic demands of the law can be broken down into four simple components:
1. Encrypt and pseudonymize personal data,
2. Ensure the confidentiality, integrity, availability, and resilience of all data processing systems,
3. Restore availability and access to data after a breach or hack, and
4. Regularly test and evaluate the effectiveness of all data security processes.
Easy, right? If checking off each of these four essential items doesn’t sound manageable by May, now is the time to get the expert help necessary to put the process in motion. Contact the team at Marana and we’ll determine where you are on the compliance timeline and what steps you’ll need to take next.