GDPR is the European Union’s new data privacy regulation that takes effect on May 25th, 2018. GDPR stands for General Data Protection Regulation, and it is one of the most comprehensive data protection laws we have seen to date.
While this is a European Union law, its reach is far, and U.S. companies may have to comply with GDPR. Why? Because GDPR applies not only to organizations established in the E.U., but also to organizations anywhere that process the personal data of people located in the E.U. when offering them goods or services or monitoring their behavior. Note that the test is where the person is, not their citizenship: storing data about a client's employee who happens to hold dual citizenship does not by itself trigger GDPR, but holding data on that client's E.U.-based staff or customers may. Doing business with any E.U. based business, or with businesses that have locations in the E.U., can also expose you, since such partners will typically require GDPR-compliant handling of the personal data they share with you. And GDPR penalties can be significant, so you want to be sure you know what your compliance obligations are.
Alarmingly, not many U.S. companies understand their obligations under GDPR. A recent survey conducted by CompTIA, the Computing Technology Industry Association, found that half of U.S. businesses that could be impacted have yet to determine whether they need to comply with GDPR. Worse, nearly 65 percent of surveyed companies do not understand the significant enforcement penalties that GDPR can levy.
From a technology standpoint, GDPR introduces the concept of data transparency, expressed as rights of the individual. In a nutshell, if you store any personal data covered by GDPR, you have to be able to tell the person it applies to what you hold about them and make that information available for review (the right of access). That person can then ask you to delete their data (the right to erasure), and you have to be able to show that you have actually removed it, including copies held by any third-party processors you use. The practical prerequisite for both is knowing where personal data lives in your systems: without an inventory of the databases, file shares, backups and vendors that hold it, you cannot answer an access request completely or prove that an erasure was carried out. The right to erasure is not absolute; where a law requires you to retain certain records, you may keep them, but you should be able to document that basis rather than assume it.
In two short weeks, we may begin to see the real world impact of GDPR, not just in Europe, but here in the U.S. Be sure you do your homework and protect your business accordingly.