Disclaimer: We are not attorneys. Nothing within this post should be considered legal advice, but rather a spur to put your research hat on!
Does your company collect, maintain, or process personal data of individuals within the European Union (EU)? If so, the General Data Protection Regulations (GDPR) will directly impact you and it is critical to be informed.
Why? Because the law takes effect TODAY!
This law gives individuals more control over their data and mandates how companies can collect, use and maintain the information.
The golden nugget of today’s article: Ensure all business partners are in compliance with GDPR. If you question a partner’s commitment to GDPR compliance, without hesitation you need to choose a new partner today.
US-based Companies are making this a priority. Are you?
This implementation will require many companies to…
- Change current business practices.
- Write comprehensive data privacy policies and distribute revised contracts to all clients and partners.
- Verify that all internal and external company partners are GDPR compliant.
- Define several critical roles to ensure compliance: Data Protection Officer (DPO), Data Controller, and Data Processor.
- A Data Processor can be an internal or external group. Anyone who captures and/or processes data on behalf of your company.
- Prove consent of database contact information.
Okay, Marketing folks…
As of May 25th, companies have to prove consent of every existing contact in their database, otherwise, they have to be removed. The recommendation is that if you’re worried about losing a significant portion of leads, then it is best to launch a re-engagement campaign. More information HERE.
This is not a topic reserved for executive leadership. You must educate your entire team on data and data flow. All departments need to be confident in their knowledge of the current data protection environment and your company’s specific procedures.
What is considered personal data? “Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.”
- Identification Number
- Health Information
- Online Identifier
- Cultural Profile
- Changes in Technology
The reasons GDPR will affect US-based companies: “GDPR applies to any organization located within or outside of the EU that offers goods or services to, or monitors the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”
- Does your company website receive visitors from European Union countries? If yes, then GDPR applies to you.
- Do you have clients that reside within any EU territory? If yes, then GDPR applies to you.
- Do you have a partner, such as a data processing partner, that resides in or captures data from EU residents? If yes, then GDPR applies to you.
- Does your company utilize any marketing or analytics campaigns that capture data from individuals within any EU territory? If yes, then GDPR applies to you. We really liked how Forbes spells it out HERE.
- You could be liable for penalties even if non-compliance is 100% the fault of your data processing partner.
- Non-compliance penalties are huge. It is just not worth the risk.
Major industries expected to be most affected:
- Online Retailers
- Software Companies
- Financial Services
- First, a warning.
- Next, a reprimand.
- Then, a suspension of data processing.
- Fines of up to 4% of annual global turnover or $20M+
- 2% for not having records organized (This is important. Contact Secure Records Solutions for clarification)
What to include in your contract:
- Outline the specific responsibilities of all partners within the data capturing chain
- Define specific process for how data is managed and protected
- Define how breaches are reported
We suggest conducting a self-audit
We believe THIS is a great template.
GDPR regulates that your data must be both organized and secure. Secure Records Solutions does just that. Call us today for a smart, secure and scalable solution that will support your GDPR compliance.
Security made simple.