What Is GDPR? And What Does It Mean For Your Business?
September 07, 2018
For the past two years, GDPR has been making headlines, most of which detail the challenges faced by companies preparing to meet the demands of this new legislation. Even now, difficulties remain — recent survey data found that 28 percent of organizations still aren’t compliant, and 20 percent are worried they won’t pass their first audit.
It’s no surprise, then, that businesses have questions: What are their responsibilities under this legislation? What potential benefits (and drawbacks) exist? What’s the next step?
Let’s start at the beginning: What is GDPR? And why does it matter?
The General Data Protection Regulation (GDPR) is European Union (EU) legislation that replaces the Data Protection Directive. It was approved by the EU parliament in April 2016 and went into effect on May 25, 2018. The intention of GDPR is to unify existing EU privacy law and offer better protection to consumers by giving them more control over how their data is collected, handled and deleted.
Although GDPR is a European law, it also affects any U.S. company that does business with citizens or businesses of the EU — this covers everything from typical corporate partnerships to occasional contractors to one-off e-commerce purchases.
Simply put, it’s impossible to avoid the impact of GDPR.
Along with its focus on data privacy, GDPR also introduces new requirements for data collection and handling. First, in almost all cases companies must obtain and document consent from users before collecting and using their data, so it is critical to develop clear and reliable consent processes. In addition, all organizations must maintain a register of data breaches and (where possible) report any breaches to both regulators and data owners within 72 hours.
Failure to comply with GDPR legislation could lead to fines of up to 4 percent of annual global turnover, to a maximum of 20 million euros.
Key Business Benefits
Despite increased data handling expectations, there are several benefits of GDPR including:
- Improved data security — With near-immediate breach reporting now required, companies are quickly implementing role-based access controls and two-factor authentication. The result? Improved data security.
- Increased consumer assurance — Companies in compliance with GDPR employ data protection officers (DPOs), conduct regular data audits and follow the “privacy by design” mandate, allowing them to meet increased consumer expectations.
The sheer scope of GDPR also comes with some drawbacks. One is cost: A recent study found that companies are still unable to accurately quantify their spending on data protection.
Another is changing expectations. Debate continues about handling the data of minors (16 years and younger) and exactly what constitutes “legal use” of data under GDPR, meaning companies must stay up-to-date with legislative evolution to ensure ongoing compliance.
Bottom line: No matter where your business operates, GDPR matters. And despite potential benefits, the challenge of implementing GDPR requirements is daunting for any organization.
Access One can help. Our secure cloud solutions, managed IT security and virtual CISO services give your organization the cost-effective edge needed to adopt GDPR best practices and enjoy the long-term benefits.
We’re ready when you are.