This post is sponsored by Microsoft’s Modern Workplace webcast – GDPR Impact (available on demand by clicking).
General Data Protection Regulation (GDPR) is a European Union (EU) regulation that strengthens data protection for all individuals within the EU, and which sets strict rules regarding the exportation of EU residents’ personal data to outside the EU (regardless of whether or not the residents are citizens of an EU country). The two primary purposes for which the EU enacted GDPR are to “enhance data protection rights of individuals and to improve business opportunities by facilitating the free flow of personal data in the digital single market.”
GDPR goes into effect in just over half-a-year, on May 25th, 2018; businesses must be in compliance by that date with GDPR’s strict rules regarding how they may collect, process, secure, and store, the personal data of EU citizens.
American companies are not exempt – GDPR applies to any business that processes consumer data belonging to EU residents, even if the company is outside the EU and even if the data is collected, stored, secured, and processed outside of outside of the EU.
A recent study found that only “3% of professionals whose role involves consumer data collection, storage, or processing fully understand what is covered by the upcoming GDPR.” That is scary thought – especially when one considers that any firm not compliant by May could face serious consequences.
What kind of consequences? Here are several:
Loss of Customers
Residents of the EU that find out that a company is not complaint with GDPR may take their business elsewhere. Furthermore, even non-EU residents may find a firm’s failure to comply with privacy regulations as problematic, and seek out competitors. Who wants to trust their personal information to a firm that doesn’t meet some minimum, legal standard for protecting it?
GDPR may be a set of privacy regulations, but violators do not benefit from privacy. Businesses that are found by regulators to be noncompliant risk serious reputational damage when news stories about their failure to comply appear in the press.
GDPR gives regulators tremendous power to punish violators –in some cases, fines can reach the greater of €20 million or 4% of global annual turnover for the preceding financial year – clearly no “small potatoes.” Whether regulators enforce such stiff penalties for first time violators is TBD; some regulators may wish to “prove a point” and “set an example” – so, we may see serious punishments for violations even from early on.
There is little doubt that lawyers will jump on the opportunity if (and when) personal data leaks from a business and that firm is then found to have been noncompliant with the regulations for protecting the sensitive data.
Here is the bottom line: Businesses have until May 28th to comply with GDPR. Failure to do so could turn out to be far more expensive for those that choose such a path, than would have been the costs associated with complying.
To learn more about GDPR, please register for and watch the free webcast, GDPR Impact, from Microsoft’s Modern Workplace.
This post is sponsored by Microsoft.