April 19, 2018
Though the GDPR (General Data Protection Regulation) exists to protect Europeans, that doesn’t mean US companies can ignore it. If your organization works with, or has members who are, based in Europe, you must adhere to these guidelines. Though it has been in the works for some time, it fully goes into effect on May 25, 2018. Here are 5 myths that many people believe about GDPR.
It’s a European thing, and we’re an American company, so we don’t have to worry about it. Wrong. The GDPR is just that: a protection act. It is designed to protect citizens of the EU, regardless of where the organization holding their data is located. So if you have any members in Europe, you’re on the hook for compliance.
The consequences of data breaches are not severe. Sure, Equifax, Facebook, Target and any number of American companies may get away with a slap on the wrist for sharing your personal data, but European companies see this as a much more egregious fault. You can be charged a percentage of your annual revenue if you are found to be in violation.
We have time to deal with the consequences of a data breach. Actually, you don’t. From the time you find out about a data breach, you need to notify your members within 72 hours. Instead of being reactive, a proactive policy is best: draft a letter to your members now and keep it ready in case of a data breach. Hopefully, you’ll never have to use it.
What’s the worst thing that could happen? We’ll apologize and all will be right again. Not exactly. The fines under GDPR are enormous. Companies can be fined up to 4% of the company’s worldwide revenue or €20 million, whichever is greater. I don’t know many organizations that can afford to brush this off, do you?