
April 30, 2018 Know How

Why you should care about GDPR

Matthew O. Fisch is senior vice president at Framingham data security provider Towerwall. Reach him at mattf@towerwall.com.

In about a month, Europe will begin enforcing its General Data Protection Regulation, a law meant to stop businesses from misusing or mishandling people's personal information. Although GDPR was written on another continent, it will have a real impact on Central Massachusetts companies.

Privacy is one of the most important human rights we cherish. GDPR is, in essence, an enforcement of the right to privacy in the digital world. The regulation forces a conversation about data ownership and control: who owns the data, and who controls it?

The importance of privacy may be best understood by examining how it is invaded in daily life. Think of invasion of privacy in terms of physical intrusions (e.g., planting secret recording devices) or informational intrusions (e.g., an employer reading personal email). Confidentiality, personal data protection, encryption, data security, anonymity and adherence to fair information practices make up the informational dimension of privacy.

GDPR is the European law governing how personal data is protected. It sets rules for the processing of personal data and for its free movement. If your business handles the personal data of people in the European Union, your business falls under GDPR, and there are no exemptions for small organizations. The law reaches beyond Europe's borders: a company with no EU office is still covered if it offers goods or services to people in the EU or monitors their behavior, so collecting or processing their data puts GDPR on your compliance list.

As the enforcement date of GDPR nears (May 25), a company found in non-compliance may face fines of up to 20 million euros (about $24 million) or 4 percent of the prior year's worldwide annual turnover, whichever is higher. The soft cost of reputational damage could be higher still. In the aftermath of British telecom TalkTalk's data breach, the company lost more than 100,000 customers and was fined £400,000 (about $500,000) by the U.K. data protection regulator, at the time the steepest fine that regulator had ever levied on any company.

PwC reports 92 percent of U.S. multinationals surveyed named GDPR a top priority, and most of them plan to spend $1 million or more on compliance. Nobody can tell you exactly what non-compliance with GDPR will cost a business, but there is a good chance it will prove more expensive than abiding by its rules. Be smart: engage a GDPR consulting firm to perform a risk assessment and business impact analysis so you fully understand your exposure.

Privacy concerns among consumers are top of mind like never before, compelling businesses to invest in GDPR compliance. Like any regulation, it is complex: there are 99 GDPR articles to be examined for applicability to your business processes.

GDPR requirements formalize a set of principles you should already be following. If the law prompts companies to review the data they collect and ask whether they actually need to store it, that is a good thing. Too many companies neglect to protect customer data, which creates unnecessary risk.

There is no excuse for failing to create and enforce privacy policies. Companies should not treat data protection as optional.
