In the wake of Facebook’s scandal with Cambridge Analytica that exposed the private data of more than 50 million Facebook Users, the digital world will now see a shift to privacy protection from the European Union after May 2018.
This in mind, as a company that reaches customers across the globe, you must be especially considerate of this regulation for reasons shared in this blog post.
If your organization is part of the digital world, it’s crucial you do your research to discover how and if you are affected and compliant.
The European Union’s GDPR (General Data Protection Regulation) will officially take effect as of May 25, 2018, to protect Users from data harvesting scandals such as the now infamous one between Facebook, Cambridge Analytica, and over 50 million Facebook Users.
In short, the GDPR provides a single set of rules to strengthen data protection and privacy for residents of the European Union while imposing a vast set of new regulations on organizations who collect or process the personal data of these residents.
Organizations that do not comply with the GDPR are subject to face harsh penalties.
The original adoption of this standard happened in April 2016, but as of May 2018 eradicates its former patchwork approach into a single framework that all states of the EU are now bound by.
According to Splunk.com, this version of the GDPR Compliance offers “greater predictability and efficiency for business and offers EU citizens increased data protection rights.”
Though your organization may not be based in the European Union, if you are a marketer or content distributor to residents living in the EU (European Union), you must be aware of the regulation and become compliant as this regulation applies to any organization collecting or processing the personal data of EU residents.
This post is not meant to scare you, but make you an informed marketer and content distributor.
Since the deadline for GDPR Compliance is fast approaching, we at Ledgeview wanted to do our part to make you aware and proactive.
Though the regulation in its entirety warrants your attention, there are key takeaways you should keep in mind.
First, you must consider how you are storing data.
For any processors or controllers of data, you must take this compliance seriously to avoid facing the hefty consequences.
Under the GDPR, the types of data that the regulation is applicable to is “personal,” but you must be wary of how “personal data” is defined within the document.
Under Article 4 of the EU-GDPR, personal data is defined as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.”
Further, “sensitive personal data” goes on to refer to any personal data “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. Data relating to criminal offenses and convictions are addressed separately (as criminal law lies outside the EU’s legislative competence).”
Though the regulation may come across as fairly direct, it’s important you be aware of these specific details in relation to how you gather and process data within your organization.
The cost of compliance failure is rich.
According to Pragmatiq Solutions, penalties of as much as 2% on annual worldwide revenue, or $10 million could be faced, whichever number is higher for the penalized organization that has failed to inform the data protection authority within 72 hours of a data breach.
Other fines grow steeper directly in relation to the specific case.
Pragmatiq Solutions recommends the following actions you can take to ensure you are GDPR Compliant:
” 1. Discover and identify the personal data you have and where it resides.
2. Manage and govern how that data is used and accessed.
3. Protect and establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.
4. Report and execute on data requests, report data breaches, and keep required documentation.”