Despite what the flood of emails in your inbox may suggest, the General Data Protection Regulation (GDPR) is not some form of unknowable, impending doom. It is a European Union (EU) law designed to give people in the EU (yes, those from over the pond) better control over the personal data that organizations hold about them. Here’s the quick and dirty on the GDPR:
1. It’s a European data protection law.
The GDPR attempts to give EU residents more control over what personal data businesses collect, store, and use.
2. Yes, it most likely applies to your business.
The GDPR protects anyone located in the EU and applies to any business that processes their personal data, even one in small-town Texas. For example, if you sell a crocheted llama to a person in Latvia, the GDPR applies to you because Latvia is an EU member state. Even when someone in Latvia is merely browsing your site for llama gear, the GDPR may apply if you collect any personal data; an IP address or a tracking cookie counts.
3. Almost all personal data collection triggers the GDPR.
Pretty much any data that relates to a person and can be used, directly or indirectly, to identify that person is regulated. Super broad, no?
4. Get clear, affirmative permission to process personal data, and state plainly what you collect and why.
Consent is only one of the lawful bases the GDPR recognizes, but whichever one you rely on, you must tell people in plain language what data you collect and what you do with it.
5. Penalties will hurt your business BIGLY! They are YUGE!
You can be fined up to 4% of your company’s annual global turnover or €20 million (roughly $23.5 million at today’s rate), whichever is greater.
Bottom Line: Consult a legal expert to navigate the GDPR and its possible impact on your business. An expert can help you assess the processes you already have in place and figure out how to bolster your security and data-handling practices.