Yes, another acronym we need to understand. GDPR stands for General Data Protection Regulation. Enforcement is coming to the EU in May 2018.
The GDPR is the most significant update of data regulation in the EU in 20 years. But it only applies to the EU, right? Not exactly.
If your business collects personal data or preferences from someone located in the EU at the time of collection, for marketing or other purposes, then GDPR applies. In other words, if your company markets its products over the web to EU citizens, you must comply with the GDPR.
The EU definition of personal data encompasses much more than the US definition. Personal data refers to information about an identified or identifiable natural person. This information includes not only a name but an online identifier, IP addresses, and social media posts. The GDPR aims to protect all this personal data.
The consequences of ignoring the GDPR run on the expensive side: up to 4% of revenues or $20 million, whichever is greater. The territorial expansion goal makes companies outside the EU a target for regulators.
Help is available to assess your vulnerability to and compliance with the GDPR. A web search yields lots of information and consultants ready to help. In a nutshell, do a PIA, or Privacy Impact Assessment, which involves organizing all your data.
Delete your unnecessary, no longer relevant data and locate any remaining data to which the GDPR applies. Decide how to handle the GDPR data on hand, secure it, and document the entire process. Since over 50% of stored company data is often repetitious trivia, a thorough housecleaning is a good idea anyway.
Author: Kris Keppeler, a writer for Crossing Genres, and The Must Go List on Medium.com, and Does This Happen to You? on Channillo. Follow her @KrisKKAria on Twitter.