4 min read
There’s an old saying: Their bark is worse than their bite. However, this is not the case with the penalties of non-compliance when it comes to the General Data Protection Regulation (GDPR).
With the enforcement date of the GDPR having passed on May 25, 2018, any company not in compliance could be in for a very nasty shock. And remember, GDPR is not limited to European Union (EU) businesses. Any entities processing the personal data of EU citizens have to comply. This impacts mostly any website today as well.
So, what is personal data in the GDPR world?
It’s things like tracking IP addresses, geographic data, and basically any information relating to an identified or identifiable person.
Ignorance does not equal compliance and GDPR is sure to make its “bite” felt for non-compliance. GDPR even recommends that businesses employ a privacy officer, as there is no more hiding behind a vendor or consultancy. This goes for small- and medium-size businesses (SMBs) as well as large global organizations. The penalties of non-compliance and the new power given to data protection authorities makes enforcement of these regulations the key to ensuring these rules get followed.
The scope of GDPR positions the EU as a leader in data protection, so don’t be surprised if other countries follow suit. Under GDPR, should a company of any size fall short of compliance, financial penalties abound…which is the bite that could bring an SMB to its knees.
If you process sensitive data on a large scale (like some social media platforms for example), you might have to appoint a data protection officer. Some large organizations are forming huge cross-functional teams to support GDPR compliance. This might include leaders from areas like product/services, UX/UI, policy, and legal.
Imagine the financial impact of any organization trying to pull resources to dedicate to this one mandate? Any way you slice it, businesses collecting consumer information through online tracking, which is a given nowadays, will need to comply – which impacts sea to shining sea.
With no lack of data breaches on the horizon, a big GDPR focus is around security and data breach. The EU is doing what the U.S. hasn’t been able to do yet – set a universal standard for breach disclosures, which include:
Backed by fines that are sure to hurt, GDPR unleashes the fury on sloppy security which could not only cost reputation harm, but really hurt the bottom line, or perhaps bottom out an SME altogether. Some factors that play into substantial fines might be:
If your answers to these questions find that the issue arose from technical problems or lack of reporting, fines can reach up to 2% of revenue from the prior year. However, if the issue is found to be a general lack of compliance with key parts of the GDPR regulation, the fines rise to 4% of revenue from the prior year.
Sending personal data to “third countries” or international organizations that don’t provide proper data protection, or not adhering to the principles of processing personal data can lead to these larger fines. As you can imagine, some of these companies have annual revenues in the tens of billions, so the fines are substantial.
Add to that the image blow a business takes when found to have been breached, and the revenue hit becomes even larger.
For over a year now, the GDPR’s bark has certainly been heard. And now that the compliance date has come and gone, companies will soon find out that the bite for non-compliance can really hurt. What can you do now?
Visit the EventTracker GDPR compliance page and download the solution brief to learn more about what needs to be done and how to protect your company.
Also, check out this webcast, Five Things You Should Know about GDPR Compliance, hosted by EventTracker’s CEO A.N. Ananth and the CEO of Fifth Step and GDPR author, Darren Wray.
5 min read
4 min read