In 2016 the Parliament of the European Union approved the GDPR, or General Data Protection Regulation, which will take effect in May of 2018. This law is meant to protect the personal data of EU citizens, but perhaps the most significant thing about it is that it applies to businesses and governmental organizations worldwide that handle personal information of EU citizens. There’s just one problem: many businesses aren’t prepared for it to go into effect.
After the Brexit vote, many businesses in Great Britain halted their preparations for GDPR, mistakenly believing it would no longer apply to them once they left the European Union. There are a couple of problems with this: Great Britain already ratified the GDPR, and Great Britain will still be in the European Union for a significant period of time after GDPR takes effect.
In the United States 77% of businesses have begun preparations for the GDPR, but only 6% are fully prepared for it to take effect. One major problem is that there will be nearly 30,000 GDPR data protection officer positions that will need to be filled, and there just aren’t enough qualified candidates at this point in time. Two-thirds of American businesses believe they will have to change their strategy on doing business with the European Union, and 85% believe the GDPR will make it harder for American businesses to compete with EU businesses.
There are some pretty stiff penalties for noncompliance with the GDPR. The law protects personal data such as name, location, identifying numbers, IP addresses, cookies, and RFID tags, as well as sensitive personal data such as health data, genetic data, biometric data, racial or ethnic data, political opinions, and sexual orientation. Fines for noncompliance in protecting these data categories for EU citizens can reach €20 million or 4% of global annual turnover.
Over 80% of data privacy professionals believe that the GDPR will have a positive impact on personal privacy, but companies still have a lot of work to do to prepare for it. They will need to conduct a risk assessment, create a data protection plan, implement stricter security measures, and possibly even hire a data protection officer. Reports will be required within 72 hours of a data breach, so having everything in place will be crucial to maintaining compliance.
Learn more about the General Data Protection Regulation (GDPR) and how it may affect your business from this infographic! Are you prepared?