Here’s How Europe’s Data Protection Regulations Affect American Companies
The EU General Data Protection Regulation (GDPR) is said to be the most important change in data privacy regulation in 20 years, and it’s also the strictest in the world.
Europeans will be able to tell companies to stop profiling them, and will have greater control over what happens to their data. The new laws will make filing abuse complaints much easier, which will result in hefty fines for companies that misstep.
Companies blatantly breaking the rules can face fines equal to $24M or 4% of their global turnover (whichever is greater), which will put small organizations and large global organizations on the same playing field. Here are a few important considerations for American companies:
- EU citizens will have the “right to be forgotten”
- Companies outsourcing to providers who are hacked will now share responsibility with those providers for the hack
- Privacy policies will need to be updated and clearly written
- Some companies will require a data-protection officer to oversee the organization’s compliance
- Companies will need consent to use data and, now more than ever, will need to ensure data is anonymized
Ensuring your organization’s compliance may not seem urgent, but avoiding the fines and bad publicity will undoubtedly be worth it in the long run.