Have you been receiving a lot of emails about companies changing their privacy policies lately? That’s because the GDPR went into effect on May 25th, 2018. Today, I’m going to break down what GDPR is and what it means for US business owners.
What does GDPR stand for?
General Data Protection Regulation.
What is GDPR?
GDPR is a new set of rules designed to give EU citizens more control over their personal data. The goal of the GDPR is also to simplify the regulatory environment for businesses.
Almost every service we use involves the collection and analysis of our personal data. Whenever you complete a transaction on the internet, your name, address, credit card number, and more are collected and sorted by organizations.
The new laws center on privacy and on consent to the use of personal data.
How did the GDPR come to be?
In January 2012, the European Commission set out plans for data protection reform across the European Union to make Europe “fit for the digital age.” All organizations are expected to be compliant with GDPR by May 25, 2018.
What is GDPR compliance?
Under the terms of GDPR, companies may only gather personal data legally and under strict conditions. It is the company’s job to protect the personal information it collects from misuse and exploitation. Failure to do so results in penalties and fines.
For example, suppose a company suffers a data breach and the hacker leaks its customers’ personal data. If that company is not GDPR compliant, it gets hit with a penalty.
Failure to comply with GDPR can result in a fine ranging from 10 million euros (that’s $11,748,190 US) to four percent of the company’s annual global turnover.
Who must follow GDPR laws?
GDPR applies to any organization operating within the EU, as well as any organization outside the EU that offers goods or services to customers or businesses in the EU.
What does this mean for an American business?
GDPR will impact US businesses. Any personal data of citizens currently residing in the EU must be handled in compliance with the GDPR, even if the company processing it is outside the EU.
For example, if a US-based retailer is running a campaign in Germany that requires German users to submit an email address, the retailer now needs to do the following for each user:
- Explain how the company plans to use their email address in the future.
- Ask the user for permission to use their email address.
If the user gives the OK, the US retailer must then store that data in accordance with the GDPR compliance rules.
The GDPR can be a lot to navigate. If you have any questions or are unsure whether you are GDPR compliant, please don’t hesitate to reach out to a compliance expert. If you don’t know an expert, we at MRW Systems would be happy to point you in the right direction.