The EU GDPR: Why this isn't another case of bendy bananas
The European Union has a reputation for enacting silly laws such as the laughably infamous “bendy banana law” that dictated the standards for selling bananas. And yes, this is the same body that told us that water bottles cannot be labelled with claims of preventing dehydration, that set the minimum percentage of meat that can be in sausages (not necessarily a bad thing) and that ruled you can eat horse meat as long as it wasn’t from your pet horse.
Yet, the upcoming enforcement of the EU General Data Protection Regulation (aka EU GDPR) is different. Failure to comply with the soon-to-be-enforced regulation, which dictates how any company secures the information of any European citizen, carries fines of 20 million Euros or 4% of annual turnover, whichever is greater. Not laughable at all.
Remember, these are also the people who took Microsoft to task in an antitrust case, pushed Apple and others on tax avoidance schemes and frequently cross swords with Google over its alleged monopolistic behaviour.
Any organization that handles PII of an EU citizen can be held accountable under these laws regardless of where it is located. Even if your company is based in the Americas or APAC, you’re at risk if you have any EU employee or customer data residing in your systems. The long arm of the EU will be able to reach you.
But what do we need to know about the GDPR? What does this mean for the average company? Is it just for the global “whales”? Is this just a concern for those based in Europe? If you don’t already know the answers to those questions, you’re not prepared.
Even if your company hasn’t been hiding under the proverbial rock for the last few months, it’s probably safe to say that awareness of GDPR within your organisation is fairly limited. Yet it’s a growing concern for those who understand how it will impact businesses.
The extra-territorial applicability of the EU GDPR is just one element of the new regulation. It also stipulates new rules for gaining consent to store and process personal data, sets out when a data breach must be reported and to whom, and enforces an individual’s right to have their data erased – their Right to be Forgotten.
We recently published an ebook that delves further into the regulation and what considerations an organization needs to put in place in order to be compliant. There is also a new website eugdpr.org that provides more details and resources for you to peruse at your leisure.
The EU GDPR was approved by the EU Parliament on April 14 2016 and will be enforceable by May 2018. Two years will go fast, so we need to start preparing now and working out what it will mean for our organizations. The laws are real and the fines are going to be very real. This doesn’t fall into the same category as dictating how bendy our bananas can be (although thankfully even the EU saw how wasteful this law was becoming and had it re-peeled).
Don't let the EU GDPR take a bite out of your organization’s profits. Read GDPR 101: Demystifying the EU General Data to understand how the regulation may impact your business and how to avoid that impact.