The General Data Protection Regulation is set to come into effect in May, bringing with it a wide variety of new more stringent requirements regarding personal information. All organizations that have more than 250 employees on their payrolls and do business with the European Union are required to comply with these new regulations. However, this can pose a challenge to businesses that have not yet begun to make the changes required for GDPR compliance.
When Does it Apply?
The GDPR applies to any situation in which an individual gives his or her information freely to an organization via the internet. It also applies to any situation in which a data breach could lead to any misuse of personal data, whether it be accidental or intentionally unlawful. All biometric data is covered under the GDPR, including any information regarding physical, physiological, or behavioral identification or patterns and all inherited or acquired health and biological data.
The Consequences of Non-compliance
Any organization that is not in compliance with these new regulations by May of 2018 will be subject to fines of either 4% of the organization’s annual global revenue or 20 million Euros. When customers do not consent to data access or their consumer records are not kept in proper order or are accidentally destroyed the fines levied against the responsible businesses can be up to 2% of the organization’s annual global revenue.
Notification of Data Breach
Any organization that experiences any kind of data breach will be required under the GDPR to conduct an impact assessment and notify a supervising authority. This notification must take place no more than 72 hours after the breach. Organizations that fail to take these steps can be fined 2% of their annual global revenue.
The most effective way for businesses currently in operation to ensure compliance with these new regulations is to perform an information audit. This allows them to demonstrate tangible proof of compliance with the new information laws and the efficacy of their personal data management practices. The best way for businesses to perform these types of information audits is to hire a third-party company that offers specialized services designed to ensure compliance with the new GDPR regulations.