By now, most business leaders in the USA have likely at least heard rumors and whispers about the General Data Protection Regulation (GDPR), if they haven’t addressed it directly.
With the May 25, 2018 enforcement deadline hovering on the horizon—and so much at stake in fines and penalties for non-compliance or inadequate compliance—it is important for organizations in the USA to take notice as soon as possible.
How and Why Did GDPR Develop?
The GDPR has already turned the world of business on its head with its intensive focus on the greatly enhanced data protection of EU citizens. The EU Parliament spent four years developing GDPR with the intention of harmonizing data privacy laws throughout Europe and empowering EU citizens when it comes to their personal data.
What Does Your U.S.-Based Organization Need to Know About GDPR Compliance?
In addition to the deadline for enforcement, there are several pieces of information that will help organizations in the USA prepare for full GDPR compliance.
The Expanded Jurisdiction
One of the most important aspects of GDPR is its expansive scope, which covers any organization around the world that does business with any resident of one of the EU member states. The global reach of GDPR means that your U.S.-based business must comply with the requirements of the regulation even if you do not specifically do business with EU residents, notes the National Law Review.
New Data Rights for EU Citizens
Data rights and protections are the foundation for the creation of GDPR. The regulation requires that every business must obtain explicit consent from EU citizens for the collection and usage of their personal data. A few specific EU consumer rights in GDPR include:
- The Right to Refuse to Become a Data Subject
- The Right to Be Informed
- The Right to Restrict Processing
- Data Portability
- The Right to Erasure, also known as The Right to Be Forgotten
- Rights Related to Automated Decision Making and Profiling
The Appointment of a DPO
In some cases, organizations must appoint a Data Protection Officer (DPO) to oversee their data protection practices. If any of the following applies to your business, you may need to appoint or hire someone, or contract a third party, for this pivotal role:
- Data processing is carried out by a public authority or body.
- Core activities of the controller or processor require systematic monitoring of data subjects on a large scale.
- The personal data monitored relates to criminal convictions and other offenses.
Notification of Data Breach
GDPR treats prompt notification of data subjects and the proper authorities as crucial to their protection. The regulation requires that your organization report any data breach likely to present a risk to data subjects within 72 hours where possible, counted from the moment your team becomes aware of the breach. If you are certain that the breach carries a high risk, you must also notify the affected data subjects without undue delay.
Penalties and Fines for Non-Compliance
Knowing the negative impact of not fully complying with GDPR may add incentive for businesses to work double-time to get everything in order. There are two tiers of possible administrative fines, depending on the nature and level of infringement:
- Up to €10 million, or 2% of annual global turnover – whichever is higher.
- Up to €20 million, or 4% of annual global turnover – whichever is higher.
Is Your U.S. Organization Ready to Come Face-to-Face with GDPR?
Many businesses are struggling to find the balance between tending to daily operations and ensuring full GDPR compliance so, if you are feeling the heat, you are not alone. Businesses around the globe understand your situation.
With a massive list of regulatory requirements, along with an ominous list of penalties and fines for non-compliance, it makes sense that organizations like yours are working overtime and second-guessing their efforts.
Thankfully, many companies are working to find solutions to support organizations like yours to ensure GDPR readiness and compliance.
Try GDPR eLearning to Solidify Your Compliance Readiness
A comprehensive GDPR eLearning course can help your organization prepare for GDPR compliance to relieve any lingering uncertainty and stress.
With EssentialSkillz, our content is delivered through our compliance-focused Learning Management System (LMS), WorkWize. Our platform also distributes GDPR information in other formats, such as PowerPoint presentations, policy documents, and videos.
We would love to give you a chance to sample WorkWize with a free trial to see how effectively it can help with your organization’s important GDPR compliance efforts.