On May 25, the General Data Protection Regulation – or GDPR – will come into force, affecting how millions of companies around the world can legally handle European Union citizens’ data. The legislation will not affect merely EU-based businesses, however.
In fact, any online-based business could potentially find itself ensnared by the GDPR’s net – as the legislation takes into account where these companies’ customers or users are based rather than the location of any of the actual companies. So, how could your own business be affected?
It’s a data: what you should know about the GDPR
Businesses that have yet to update or adjust their data-handling practices to bring themselves into compliance with the GDPR should act quickly. Failing to do so could trigger a fine of up to €20 million – the equivalent of about $25 million – for any violating business. The financial penalty could potentially be even higher – as much as 4% of the company’s annual revenue.
However, according to Forbes, less than 30% of companies surveyed by Forrester Research deem themselves fully compliant. Indeed, while many terms of the GDPR have been well-publicized, your own company could still feel rather in the dark about the precise implications of this legislation for its own practices – not least because some of the requirements conflict with existing regulations.
Nonetheless, the requirements stipulated by the GDPR can still be effectively summarised. Businesses will need to provide a “reasonable” level of protection for citizens’ personally identifiable information – or PII. Such information includes not just names and social security numbers, but also technical data pertaining specifically to web use – such as IP addresses and website cookies.
Other potential financial implications of the GDPR
While the financial punishments for being caught not complying with the GDPR look heavy, so do the expenses of ensuring such compliance ahead of May 25. One survey has revealed that over 60% of companies intended to spend more than $1 million in their attempts to satisfy the regulation.
Given the lingering lack of clarity concerning exactly what constitutes a “reasonable” level of data protection, there could be considerable scope for missteps even by companies eager to fully adhere to the regulation. Further rulings may eventually clarify the GDPR’s requirements; in the meantime, however, one survey indicates that 58% of participating American companies anticipate being fined.
How should you act as the GDPR nears?
It is telling that, as revealed by Business Insider, even Facebook does not appear entirely ready for the GDPR. Ahead of recently being grilled by US Congress, Facebook CEO Mark Zuckerberg was briefed with notes instructing: “Don’t say we already do what GDPR requires.”
Still, the struggles which Facebook and other corporate titans with similarly data-reliant business models, like Google, might face over GDPR should not excuse your own company from working hard to adhere to the regulation. For example, if you require EU citizens’ data for accounting purposes, a cloud accountancy firm like Accounts Lab could help you with GDPR compliance.