Data compliance is the certification or confirmation that you meet the requirements of accepted practices, legislation, prescribed rules and regulations, specified standards, or the terms of a contract.
In other words, you are taking reasonable and appropriate steps to obey the laws and keep all data that is collected, shared, stored, transmitted, or used safe and secure.
What is GDPR?
The EU General Data Protection Regulation (GDPR) is a new privacy law that provides strict guidelines (and very hefty fines) on handling all EU users’ data.
GDPR consists of a long list of regulations for the handling of consumer data. The goal of this new legislation is to help align existing data protection protocols while increasing the levels of protection for individuals. It was in negotiation for over four years, and the actual regulations came into effect on May 25th, 2018.
Put simply, GDPR is a regulation that you’ll want to take seriously.
How GDPR Impacts Your Business
Even if you are not part of the European Union, if you collect any sensitive information that can be used to identify a person or business in an EU country, your company is subject to the requirements of the GDPR.
For example, this includes, but is not limited to, Personally Identifiable Information, Business Identifiable Information, Personal Health Information, Non-public Personal Information, and any other non-public information that could lead to an individual being identified.
Violating data protection laws can see you and your business prosecuted, resulting in harsh punishments. These can include fines, penalties or legal action.
Failure to comply with GDPR can result in some pretty hefty fines. The fines can reach €20 million, or up to 4 percent of the offending organization’s annual revenue, whichever is greater. Now that’s a serious fine.
For lesser offences, the maximum fine is halved to €10 million, or up to 2 percent of the offending organization’s annual revenue, again, whichever is greater.
What You Can Do
Don’t panic! It’s important to view GDPR as a way to better protect your customers, and improve your own internal customer data handling procedures. To make GDPR an easier pill to swallow, view it as a positive game-changer that has come to safeguard consumer data rights in our increasingly accessible world. And just as it protects the consumer, it also protects organizations from overstepping their boundaries.
As such, these new laws are completely necessary, even if they require a bit of an adjustment period upfront.
That said, it is important to apply best practices:
- Identify risks
- Protect your data
- Detect potential breaches
- Respond through a customized breach response plan
- Recover with cyber liability insurance coverage
Everyone is affected, and you have a responsibility to keep all personal information safe and secure.
The effects of non-compliance can be devastating for you, your business, your employees, your clients, and your brand.