May 25, 2018 is right around the corner.
If that date doesn't ring a bell, we're here to remind you again about the General Data Protection Regulation (GDPR) passed by the European Union in 2016.
If you do business with European companies or your business stores data about EU citizens, you have until May 25, 2018 to meet the necessary GDPR requirements surrounding data security and management.
Because this is a European law, much of the focus has naturally been on EU companies. But take note: Organizations outside of the EU are still governed by GDPR if they store data, offer services to or monitor the behavior of EU individuals. So if this applies to you in any way, shape or form - no matter how little EU data you have - you are required to comply and could be penalized if you're found in violation.
How does this affect your business? There is no one-size-fits-all answer; it all depends on what your organization does and how deeply involved it is with EU-related data. If you're ignoring the regulation because you have a small amount of contact with EU individuals, think again: You could be missing out on growth opportunities and efficient data security practices. Alternatively, if your organization operates or offers services to larger European companies, you need to prepare and invest in risk mitigation procedures to avoid fines, business loss, and brand risk. And to top it off, the GDPR's penalty structure is based on a percentage of a company's global revenue, not just the revenue related to the breached information. So fines could be much higher than you think.
Not complying with GDPR requirements by May 25, 2018 can show others that you are indifferent to legal regulations and data security - both of which are serious business matters that you don't want to neglect. Think about this investment as a way to bring transparency, honesty and safety to your business. It's also an opportunity to put customers or business partners first, establishing a new framework that puts their security at the forefront of your business.
GDPR could apply to your digital transformation, customer experience, customer service, analytics and finance departments. It's so encompassing that you need to look in every possible corner for potential risks.
GDPR is the number one data protection priority for 54% of US multinational companies, according to a 2017 PwC study. It's time that you join the pack and take action; if you don't, you could easily lose business and damage your reputation. Keep in mind that data management practices must reflect the requirements no matter where you are in your agreement, so consider if you need to renegotiate contract terms.
It will take time and resources, energy and collaboration. There's no way around that. But the experts and resources at DRS Imaging can help with GDPR compliance:
- Perform a Gap Assessment
- Evaluate Risks
- Create a Data Security Plan
- Consult on Best Practices and Potential Solutions
- Implement Breach Notification Processes
Because there are no technological or implementation requirements, only broad measures to follow, it can get overwhelming. If you have questions about what your organization needs to do in order to comply with the GDPR, let us know. We are familiar with the necessary requirements and can provide a comprehensive, enterprise-wide approach to data protection.