Data protection is now officially urgent. So urgent that chances are you may just barely have time to finish that chai latte and prepare your organization to be fighting fit. On May 25, 2018, the biggest amendment in data protection laws, Europe’s General Data Protection Regulation (GDPR), will come into effect, placing new obligations on organizations that collect, store or use personal data. It will develop and expand upon the privacy laws already existing in the European Union, and will apply to organizations with global customers, even those without physical operations in Europe. That means even if your organization is not EU-based, but has information on, monitors, or sells to EU citizens, you will need to actively assess your data privacy protocols to comply.
Consumer Data = Responsibility
GDPR will apply to every organization that handles any data on EU citizens, whether as customers, consumers, employees or business partners, and you will find that it places new obligations on data usage and storage. This regulation protects consumers’ rights to active consent, data portability and the ‘right to be forgotten,’ i.e. to have their data erased. Even third-party vendors, suppliers and outsourcing partners will be required to protect personal data. Companies will also be required to report any significant data breaches to the local Data Protection Authority, which will be empowered to levy punitive measures.
How GDPR Could Impact You
Businesses globally are worried about the impact of non-compliance, which is likely to lead to any or all of the scenarios here:
- The GDPR will impose fines ranging from 2% – 4% of a company’s global revenues or €20 million, whichever is higher.
- Companies could face civil action lawsuits in case of data breaches which cause financial and reputational damage.
- Companies that lose their customers’ trust will find that it leads to a drastic loss of access to data that can set back the company’s data strategy by years.
- Diminished brand value, share price, market share and revenue growth due to perceived misuse of personal data.
Roadmap to GDPR
Most organizations are still struggling to set up their compliance programs. They face many challenges because the GDPR is based upon a set of broad principles rather than specific rules. However, you can smooth the road to compliance by following the steps given below:
- Create an inventory and assessment of all customer data that you store and process.
- Survey your cloud providers, including the locations of these providers’ data centers.
- Update your privacy policies across all channels.
- Put a data breach contingency plan in place.
When we help you go the extra mile beyond mere GDPR compliance, you will gain the key competitive edge in any data-centric environment – consumer trust.
Countdown to GDPR
Firms are usually slow to respond to changes in regulations due to the costs involved, but GDPR non-compliance may actually prove to be more expensive in the long run. Steep fines will amplify the reputational damage that companies will incur. Any non-compliant organization is likely to generate headlines globally and be dragged through media debates on privacy and consumer rights. The resulting negative publicity is likely to ward off any potential new customers for several years. Customers could lose their trust, and revoke consent to data.
With the May 25 deadline looming ahead, your organization should immediately plan to get data processes and protocols up to speed. Together we will go the extra mile and help your organization to proactively comply with the GDPR guidelines to generate a greater sense of trust and create solid brand value in the long run.
Where can I find more information?
For a comprehensive guide and FAQs, see the EU GDPR website.
This blog is meant to provide background information and should not be considered legal advice.