It’s been a little over a year since the EU’s General Data Protection Act (GDPR) went into effect on May 25, 2018, and privacy experts are already heavily scrutinizing adherence to the policy. The GDPR joins Sarbanes-Oxley (SOX), Payment Card Industry (PCI) compliance, the Health Insurance Portability and Accountability Act (HIPAA), and the Family Educational Rights and Privacy Act (FERPA) as one more piece of the data and compliance puzzle that Axis Technology can help you solve.
One more regulation is around the corner: the California Consumer Privacy Act (CCPA) goes into effect next year, on January 1, 2020. Since the law was closely modeled on the GDPR, it mirrors much of its language. For more information on the CCPA, see our article Axis CCPA Compliance.
Recent Impacts from GDPR
In June 2018, companies self-reported 1,700 data breaches, and the total for 2019 is estimated at around 36,000 reported breaches, a significant increase from the previous annual reporting rate of between 18,000 and 20,000 breaches. During the first nine months that the GDPR was in effect, the total penalties imposed under the statute added up to 55,955,871 euros, according to a report published in late February by the European Data Protection Board.
Are you GDPR Compliant?
Recently, TrustArc found that only 20% of businesses believe they are now GDPR compliant. Shockingly, more than 1 in 4 companies (27%) have yet to begin work on making their organization GDPR compliant, several months after the May 25th deadline has passed.
What is GDPR?
The General Data Protection Act (GDPR) consists of a long list of regulations for the handling of consumer data. The goal of this legislation is to harmonize existing data protection protocols while increasing the level of protection for individuals. Prior to the GDPR, there was no single breach-notification regulation for the European Union. Instead, the EU’s 1995 Data Protection Directive (which the GDPR replaced) allowed individual member nations to write and pass their own breach-notification laws.
The hefty penalties associated with non-compliance with the GDPR can reach into the millions of dollars. Companies that do not comply will fall into one of two penalty tiers, and the higher tier can cost €20 million or 4% of the company’s annual turnover, whichever is higher.
All of the reforms going into effect are designed to give customers greater control over their data while offering more transparency throughout the data collection and use process. These new laws bring existing legislation up to par with the connected digital age we live in.
Does GDPR Apply to US Companies?
Many businesses have asked whether the GDPR applies to US companies that are already compliant with the EU-US Privacy Shield. The answer is yes: they are in scope of the GDPR if they process, or are a controller of, personal data of data subjects in the European Union. Compliance is mandatory for US companies controlling or processing the personal data of subjects in the European Union, even where the processing takes place outside the Union.
How the GDPR applies to US companies controlling or processing personal data can be complicated, and the difficulty of addressing these questions makes GDPR compliance for US companies an area that requires action as soon as possible.
How Axis Can Help You Become GDPR Compliant
Are you prepared to suffer the reputational damage that non-compliance could bring to your company? In the months and years ahead, data privacy could become the new arena in which marketers compete to win customers, and your company should be preparing for that battle. The reputational damage to companies that do not comply with the new law could be more costly than the GDPR fines themselves.
There is no longer any valid reason to argue that you don’t have to worry about the GDPR. One way or another, it is going to affect how you manage your data, and it is no longer an optional, “we’ll get around to it” issue. With over 59,000 breaches reported since May 2018, a large number of them under investigation, and an equally large number of warnings and fines already levied, this is an immediate issue. Your next step should be to contact us to perform a risk assessment and learn how we can help you avoid data breaches within your firm.