Produced by Jason Zagami

GDPR is a European Union regulation on data protection and privacy for people living within the European Union and the European Economic Area: geographically, basically everything west of the Middle East, north of Africa and south of the Arctic.

Europe is far better than America at consumer-first protections, standing up for people's digital rights. This precedent stretches as far back as September 1980 with the OECD Guidelines. More recently, in 1995, the European Convention on Human Rights set recommended guidelines on the protection and privacy of personal data.

This was the EU Data Protection Directive, known as the DPD, which GDPR expands upon and replaces.


The purpose of GDPR is to offer European citizens and residents protection over their personal data, and it requires companies to be upfront about the personal data they collect. Companies have to explain how they collect personal data, prove it's handled safely, and clearly explain it in language that's easy to understand.

That means no confusing legalese. It also requires companies to honor data deletion requests, "the right to be forgotten", and the "right to data portability", which compels companies to offer individuals a copy of their data in a common format, within 30 days and without charging them a fee.

Another consumer protection is the mandatory breach notification: a data breach must be reported to customers within 72 hours of discovery.

GDPR also requires companies that collect large amounts of user data to hire a Data Protection Officer in addition to any current IT or data security personnel. This is the point person for compliance and liability.

View the Free GDPR Compliance Checklist 

So, as a company in the US, what does that mean for you? 

Well, no one really knows, and we won't know until the outcome of the first case. But it's better to be on the right side of the law. In Europe, violating the GDPR carries a fine of up to 4 percent of a company's total global revenue.

American businesses have two options: become GDPR compliant or block online traffic from EU countries.

If you block traffic, your search ranking will be penalized by Google. So, I recommend complying with the new standard. 

If your company isn't confident it's fully compliant, here are a few things you can do to prepare.

  • Integrate your IT and Marketing departments
  • Hire a Data Protection Officer
  • Educate your staff
  • Complete a data security audit
  • Ensure your partners or third-party providers are GDPR compliant


GDPR Compliance Checklist

EU-US Privacy Shield framework

Music Credits

Say It Ain't So Ladies (DJ Wild Yeti Is Still Single Mashmix)

The University of Warwick Big Band - Crazy In Love