Posted on July 21, 2020 - by Darren Gallop - in Building Your InfoSec Program
If you think the GDPR doesn’t apply to your company, you could be wrong. In 2020, the GDPR is making an impact and companies need to take note.
Let’s go back. As part of the effort to improve the privacy and protection of personal data belonging to people in the European Union, the General Data Protection Regulation, better known as the GDPR, was adopted in 2016 and became enforceable in May 2018. Since then, many North American companies have either been confused by the new compliance requirements or have ignored them outright.
That’s dangerous. Here’s why, and what you can do right now to become GDPR compliant.
The GDPR may seem like it affects European businesses only, but its territorial scope (Article 3) reaches companies outside the region as well. A company with no EU establishment is covered when it processes personal data of people who are in the EU in connection with offering them goods or services (paid or free) or with monitoring their behaviour, which includes website analytics, tracking cookies and profiling. In short: if your website collects personal data from individuals located in the European Union for either of those purposes, you must comply with the GDPR.
The EU Data Protection Authorities (DPAs) initially had difficulty enforcing the regulation against companies outside the EU. But by March 2020, some 231 GDPR fines had been handed out to non-compliant companies, totalling $508 million.
The maximum fine for the most serious violations is €20 million (roughly $21 million) or 4 percent of your company’s total worldwide annual turnover for the preceding financial year, whichever is greater. It doesn’t matter how large or small you are, nor does it matter that you “only do business in New York.” The GDPR is meant to protect people in the European Union no matter what they do online, and no matter where the company handling their data is located. If they visit your website? You now hold data on those individuals that comes with strings attached.
Many companies are taking the initiative to become GDPR compliant as it represents a competitive advantage in the global business landscape. Others are choosing not to do business with European customers at all, a strategy that may hamstring them in a global market.
If you need to comply with the GDPR, here’s a high-level checklist of what you need to do:
If you’re starting from scratch (or nearly), the Securicy platform can provide a solid foundation for all the policies and procedures you need to comply with GDPR.
Even before this new set of regulations, B2B companies were already discovering that cybersecurity was making or breaking new sales. Since the GDPR took effect, some companies in North America are finding that expanding their business globally is more challenging. However, companies that do comply can find that it gives them a significant edge when working with enterprise customers.
These were key motivations for us when we founded Securicy – too many businesses can’t create an adequate security program themselves or afford to hire a consultant to do all this work. That’s why we built solutions that enable growing companies, startups, and mid-sized businesses to achieve compliance with industry standards and GDPR.
In 2020, the GDPR is in full force and we’re continuing to see an increase in the number of non-compliance fines handed out to global companies. If you have European users, you must demonstrate compliance with these laws or face penalties. Fortunately, by taking steps to secure your data, you can also take steps to become compliant and bring in new customers.
Are you compliant with the GDPR? Do you need to be?