Have you taken action to comply with the E.U.'s General Data Protection Regulation (GDPR) yet?
If not, now is the time to get started. Organizations doing business in Europe or with European customers must be in compliance with this robust data security law by May 25, 2018.
We previously laid out the basics of GDPR compliance in a previous blog post, but what GDPR really does is harmonizes data protection and mandates rules around security notifications, user content, personal data, and consumer rights. It touches compliance efforts concerning breach notifications, data portability, and numerous areas of privacy.
It's strict and holistic. But here's the big takeaway you must pay attention to: fines will be fast and harsh for businesses not in compliance by next May.
If found in noncompliance after a data breach, some businesses could be fined 4% of global annual revenue for the preceding financial year or 20 million. Others may be penalized 2% or 10 million, whichever is greater. The regulations go on to make distinctions between data controllers and data processors, so make sure you read up and understand where your business falls on the law's tiered system.
A recent report by McAfee, Beyond the General Data Protection Regulation: Data Residency Insights from Around the World, surveyed 800 senior business professionals from eight countries in a variety of industries about data protection concerns and strategies.
The results found that 48% of organizations plan to migrate their data to a different location because of regulations like GDPR. But only 2% of business leaders say they know the full extent of the laws applying to their organizations.
Don't be part of the minority. Think about it like preparing for a natural disaster, you want all your ducks in a row before something catastrophic happens. But you must act now to meet the deadline. Begin by reading the regulations and prioritizing what steps you need to take to comply. Update your company's privacy statement and ensure you're answering both U.S. and E.U. requirements.
You may see even greater benefits from meeting GDPR compliance standards. While the legislation is about security at the core, it provokes businesses to have a robust data management system in place. Without one, meeting transparency rules and disclosure procedures will be inefficient with many gaps. Think about it as an opportunity to streamline processes while making business practices more secure. Plus, the McAfee study found that 74% of professionals believe organizations that correctly apply data protection laws will attract new customers.
DRS Imaging is familiar with GDPR compliance requirements. If you have any questions or need help in getting document management and information governance systems in place to comply, we're just a phone call away ( 1-888-908-6643 ).