GDPR – Are You Ready?

A couple of weeks ago there was an interesting article in Forbes, “Yes, The GDPR Will Affect Your U.S.-Based Business.”  It represents an important ‘heads up’ for US companies.

The European Union’s General Data Protection Regulation has been extensively covered in every news medium, especially those specializing in technology news.  By now everyone will be familiar with it and the fact that it becomes enforceable on May 25. Some will not just be familiar; they’ll be deeply knowledgeable about this extension of European law that represents the most sweeping change in data privacy in more than 20 years.  Any organization that collects “personal data” – think personally identifiable information (PII) – on anyone in an EU country (EU citizen or not) is subject to GDPR.

While safeguarding personal data in compliance with the GDPR should not be onerous, the penalties for failing to do so are severe.  Even just failing to report a breach in security within 72 hours could result in a fine of 2% of global revenue.  That’s not insignificant by anybody’s standards.

In Europe there is a last-minute scramble underway, with both large and small organizations reviewing policies, procedures and protocols to ensure that they are in compliance.  That’s why users are getting multiple emails every day inviting them to confirm that their contact details are correct and that they’d still like to receive updates. In other parts of the world, including the US, the pressure isn’t quite so intense, but the more astute organizations are taking the opportunity to review their privacy and data protection policies on a GLOBAL scale.  It’s a sensible position to adopt and one that we at Integris Applied strongly support. Stronger data protection legislation in other parts of the world is only a matter of time.  Even if you’re not operating in the EU, now is the time to get ahead of the issue.  Are your systems and policies capable of detecting and reporting breaches within 72 hours?  Do your third-party supplier contracts contain flow-through provisions to protect you from data breaches?

– John Pirtle, May 2018 – [bio]