The European Union’s General Data Protection Regulation, better known as GDPR, swung into full enforcement May 25, 2018. It was enacted to offer certain protections to EU citizens regarding their personal information. Though it was passed two years ago, SMBs and corporations without an international business model largely ignored it until the enforcement went into effect a month ago. You have likely noticed updated terms and conditions on many websites you visit. Understandably, it has brought up a lot of questions for businesses and organizations everywhere.
Here’s what we want you to know:
Through GDPR, any citizen or resident of the European Union has increased control over their personal data. It does this by clarifying the rules and responsibilities for any company that collects or processes personal data of citizens or residents of the EU, regardless of where that company is located. The GDPR also empowers EU citizens with expanded rights about the collection and use of their data, with which companies are required to comply. EU residents can even object to how their information is being used and can revoke their consent for the use of their information at any time.
As an organization in Atlanta, Georgia, USA, this all may sound completely irrelevant to you at this point. However, the possibility remains that you might have web traffic coming from the EU and you may not even realize you’re collecting information on those users, via cookies and web tracking. Or, perhaps someone from the EU signs up to your email list. Remembering that the internet is a vast place and all things are possible, it’s important to ensure that your company is compliant with the GDPR. Failure to do so could result in trouble down the road, including fines.
The European regulations are reshaping the way major companies approach user data. Global corporations are extending the new data paradigm to America and have already touted the benefits in Congressional Hearings.
While GDPR has immediate implications for businesses worldwide, regulations like this tend to travel. The comprehensive law was implemented so smoothly that it is seen as the harbinger of a global shift towards increased privacy and respect for the sanctity of digital identities. Analysts anticipate similar regulations appearing in the US in coming years.
Californians are expected to vote on a newly proposed data privacy law called the California Consumer Personal Information Disclosure and Sale Initiative. This new law would allow residents to request copies of data collected about them and would afford them the right to know what third parties that data has been sold to and to request that their information not be shared or sold. And the United States Supreme Court just issued a ruling requiring that police get a search warrant to review cell phone records that include data like a user's location. While this is not an imposition on businesses, it aligns with the global trend of increased privacy protections.
Even for companies that are not subject to specific regulations yet, the tide has turned, and consumer and privacy advocates are gaining traction. People want to know their information is safe; otherwise, they are going to be less willing to part with it than they were just a couple of years ago. And businesses that rely on any kind of personal information – whether that’s site browsing habits, names or even email addresses – will do well to address those concerns head-on and reassure their customers. Ignoring them will be considered one of the most egregious business faux pas of our times.
GDPR is something we’re addressing with clients during their strategic quarterly business reviews in the coming months. We want to help our clients meet the existing requirements that they are subject to, but also start thinking about how they can offer more data assurance.
Our solutions partners are already compliant and offering solutions that can help ensure compliance and better protect client information. Clients are encouraged to bring up their concerns with us sooner rather than waiting, so we can help them determine if they are affected and what to do about it.
GDPR is just the tip of the iceberg, with more regulations and customer expectations likely to follow suit. The time to meet the privacy demands of our times is now. With the end of the Wild-Wild-Web comes a lot of uncertainty for businesses, even ones that operate on a local level. As the data protection revolution continues to evolve, ProviDyn is here to serve as your trusted advisor. Our team can help you identify what data you might be collecting, how it’s being stored and what solutions are essential for keeping you compliant, so you can ease your fears.
For more information about the specifics of the GDPR, we recommend reading this Tech Republic article covering the details about compliance that you need to know.
Are you an Atlanta-area business or non-profit organization worried about the impact of GDPR? We can help. Contact us by phone at 404-551-5492 or online.