Who Will Be Affected By The GDPR?

Sep 24, 2018

The EU’s General Data Protection Regulation (GDPR), which began to apply in May 2018, is set to be one of the defining changes to cybersecurity in the last couple of decades. GDPR is significant because it is one of the first sweeping changes in law that puts personal data protection at the centre of the digital age. Stricter rules enforced by regulators are a sign of progress. The regulation was several years in the making: adopted by the European Parliament and Council in April 2016 after a lengthy legislative process driven by the European Commission, GDPR finally came into force on May 25, 2018.

If you’ve been following any news over the past couple of years, you’re probably aware of the need for organizations to have stringent breach reporting norms and transparent consumer consent rules. Failure to comply can lead to huge fines: for the most serious infringements, up to €20 million or 4% of your total worldwide annual turnover for the preceding financial year, whichever is higher.

“GDPR Doesn’t Affect Me” 

Despite widespread media attention on GDPR, many US companies are still operating in the dark over GDPR. We’ve heard many CIOs and CTOs dismiss the idea of any compliance, as they don’t have any direct business operations in any of the European Union’s (EU’s) 28 member states. That’s a dangerous trap to fall into. GDPR explicitly reaches organizations with no establishment in the EU: any US business that has an online presence and markets its products or services to people in the EU, or monitors their behaviour online, will be required to comply.

Many small and medium sized businesses also find themselves too overworked to focus on compliance, while others feel they can fly ‘under the radar’ as they’re not big enough to be targeted by the authorities for fines. Neither of these strategies is wise. Let’s remind ourselves that GDPR came into being because of the growing volume of personal data being collected and, with the rise in cybercrime over the past few years, lost or misused. When government bodies step in and build a law specifically for a purpose, you know they’re taking it seriously! These regulations are expected to be the first of many, with California already following suit: the California Consumer Privacy Act (CCPA), signed in June 2018, takes effect in 2020.

Do you really want to risk the long-term future of your organization with lawsuits and fines?

Know The Scope of GDPR 

Research from the Ponemon Institute shows that 60% of technology businesses aren’t ready for GDPR. Are you one of them? Here we look at some points on GDPR that many miss.

Geographical Scope 

GDPR applies on two grounds. First, any organization established in the EU is covered, wherever the actual processing takes place. Second, an organization with no EU establishment is still covered if it processes the personal data of people who are in the EU in connection with offering them goods or services, or with monitoring their behaviour. Note that the test is where the individual is, not their citizenship or residency: a subject physically in the EU when their data is collected is protected, while the law does not apply to EU citizens living outside the EU when the data is collected (unless the organization itself is established in the EU).

Website And Online Presence 

The internet is a vast web of websites accessible to everyone. So, do you have to comply with GDPR if a European consumer merely comes across your US website? Here, the law gets a little tricky.

Mere accessibility of a website from the EU is not enough on its own. If your website is found to be targeted towards US-based consumers only, you are outside GDPR’s reach on this ground. However, if your website or any other online presence indicates that you are marketing to people in the EU, you must comply. The regulation’s recitals give the kind of evidence regulators look for: for example, your page switches to Dutch for a consumer in Amsterdam, you display prices in euros, you ship to EU addresses, or your site references EU-based customers. There is a second, easily overlooked trigger: if you monitor the behaviour of people in the EU, for instance by tracking and profiling visitors with cookies or analytics to predict their preferences, you must comply even if you never sell to them.

Consent 

One of the main reasons why GDPR is being talked about so much is that it massively alters the way companies deal with personal data. GDPR places a lot of emphasis on ‘consent’. Consent is only one of six lawful bases for processing, but where you rely on it, it must be freely given, specific, informed and unambiguous, it must be as easy to withdraw as it was to give, and you must be able to demonstrate that it was obtained. Whatever the lawful basis, there needs to be complete transparency about how the data is used.

Where companies used to get away with ‘implying’ the usage of data through a long and incoherent ‘terms and conditions’ document that users had to accept, organizations must now explicitly declare how and where they use personal data, and consent must be a clear affirmative act: pre-ticked boxes, silence or inactivity do not count.

Breaches 

GDPR deals with breaches more strictly than ever before. A personal data breach is not just unauthorized disclosure; it covers any accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to personal data. You are expected to notify the relevant EU supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach (the clock runs from awareness, not from the incident itself), unless the breach is unlikely to result in a risk to individuals’ rights and freedoms. If the breach is likely to result in a high risk to those individuals, you must also notify them directly without undue delay. Failure to do so can result in massive fines and lawsuits, so you need an incident response process that can establish the facts and escalate quickly.

Many companies dismiss ‘compliance’ as an unnecessary expense. But recent events like Facebook’s ‘Cambridge Analytica scandal’, in which the personal data of up to 87 million users was allegedly harvested for political purposes, show that governments are inclined towards tougher enforcement. GDPR might be the first of many pieces of legislation around the world that change the way cybersecurity works.

Organizations that are agile, and already follow best practices like ITIL for service management and ISO/IEC 27001 for information security, should not find compliance a burden. If you aren’t on your way to digital transformation yet, why not try managed IT services for your compliance needs?

ProV managed services can streamline your processes for agility, boost production and help you comply with various regulations like GDPR, HIPAA, PCI-DSS and HITECH, depending on the industry you operate in. To learn how you can outsource your IT burden to us and get the maximum ROI from your IT, drop a comment below, or contact us today.
