Will the new EU laws really have an impact globally? And of more immediate concern, do you, as a business owner, really need to adhere to these new rules?
In short, yes.
This article explores some of the ways and reasons why, with a more detailed look at everything GDPR here.
WHAT IS GDPR?
GDPR stands for General Data Protection Regulation, and it is a set of laws passed by the European Union (EU). Unlike traditional laws, which only apply to people within a particular country, this regulation is designed to protect the data and privacy of EU citizens from the rest of the world.
That means any company that does business with, in, or for people who live in any country in Europe must be aware of the regulation's stipulations and comply, or risk being assessed tremendous fines.
“Does business with” may be too broad a definition, though, so let’s narrow it down further to: “collects personal information from, including names and email addresses.” That means even if you aren’t selling products, but you are allowing site visitors to subscribe or have an offer emailed to them, you’re collecting personal data, and the GDPR applies to you.
What’s confounding some businesses is the realization that the regulations cover not just how data is collected and used, but how it’s stored as well. This means that any business that uses one or more of its own servers to store customer or subscriber data must now take that server’s environment into consideration. Who has access to the server, and therefore access to the data? How likely is an error on the part of an employee that might accidentally expose that data?
Training employees to create a “Human Firewall” is something that every large business needs to consider, according to training firm Privacy Awareness Academy. That means teaching them how to handle personal data, as well as how to keep the technology surrounding that data secure.
And while it might seem that local businesses outside of the EU that only serve their local geographic region have nothing to worry about, that is not necessarily true. Is it possible for a citizen of the EU to be visiting your location, happen upon your business, and leave you with personally identifying information? The truth is, very few businesses have the option to ignore GDPR stipulations, but…
WHAT IF I IGNORE THE GDPR ANYWAY?
Do you have a spare 20 million euros lying around? Yep, that’s the maximum fine that can be imposed for being found in violation of the GDPR.
There are fines, sometimes massive fines, which are tiered depending on the egregiousness of the issue. The maximum fine is 4% of annual global turnover (that’s total sales revenue, not just net profit) or 20 million euros, whichever is GREATER.
Completely ignoring GDPR stipulations is, ultimately, a terrible idea. Even if you believe that you’re too small or too remote to be impacted or of interest, the fact is, GDPR is just the beginning. Anyone who thinks that the United States is indifferent to data privacy issues need only watch Mark Zuckerberg’s testimony before Congress. While the U.S. Congressional body may be woefully behind in its understanding and appreciation of these issues, legislation is only a matter of time.
The question, then, is not whether you should be ready for GDPR, but how ready you are.