There has been a lot of talk lately about the GDPR (General Data Protection Regulation), and for good reason: not only is it important, but the deadline for becoming fully compliant is a little more than six months away.
In essence, the GDPR is a new set of laws that protect the data of European Union citizens. The new law, set to go live on May 25th, 2018, affects any organization of any size that collects, stores, and/or transfers the personal data of any EU residents.
If that sounds broad, that’s because it is. The law is meant to be all-encompassing so that companies take more care with data.
Fines for non-compliance are potentially so severe that they could constitute an extinction event for many companies. If you manage to survive a fine, the black mark that the fine gives you may make recovery even more difficult. As Lenos founder and CEO Debbie Chong said in an October 2, 2017 interview with BTN, “Beyond the fine itself, think about company perspective. If a company gets fined, everyone is going to start looking and saying, ‘What else did they do?’”
To make matters worse, the requirements for becoming compliant can be very complicated. That’s why, even though the law doesn’t go into effect for some time yet, many companies are already hard at work to make the required changes.
On the positive side, certified compliance with the GDPR could prove a valuable differentiator as far as company image is concerned:
"#GDPR will become a competitive advantage. People will look to #compliant companies for business." Tim Maiorino @kuppingercole #CIWUSA17
— David Brossard (@davidjbrossard) September 12, 2017
The Privacy Shield was designed to establish standards and a certification process for the transfer of information relating to EU persons outside of the EU. Companies can self-certify (which typically involves hiring a third-party specialist) to the U.S. Department of Commerce to publicly announce compliance.
The GDPR covers more than cross-border data transfers and, as one expert—Kevin Iwamoto at GoldSpring Consulting—says in BTN, may eventually subsume or replace Privacy Shield.
Privacy Shield has faced challenges in European courts, so it was given a deadline of September 2017 to prove that it was robust enough to fix the problems for which EU Safe Harbor was struck down by the EU courts in 2016. However, new challenges to Privacy Shield might become less important because of the GDPR. For now, Privacy Shield remains intact and its fate has not been officially determined.
If you manage or plan to manage data of any kind related to EU persons, from names to job titles to email addresses by which an individual can be directly or indirectly identified, then you should immediately take the first steps toward compliance if you have not already done so. It’s a lot of work and will probably entail significant process change. It’s not the kind of thing you can do yourself, so you will need to engage one of the growing number of consultancies that specialize in GDPR compliance. More specific information can be found on the official site, including the exact language of the written law and updates.
Keep in mind that many kinds of people in your organization will have a role to play in ensuring compliance. Marketers, for example, are also included in what could sound like an IT- or administrative-only task. This checklist for marketers from e-shot provides a to-do list for preparing for these changes.
Because the deadline looms ever nearer, talk of the GDPR will become more common, especially as companies around the world strive to meet stringent compliance requirements. Be wary of GDPR fatigue, as one data protection blogger describes it, so that you stay on guard and ready for the changes to come.
On the opposite side of the spectrum, if you’re feeling up to speed, try out your knowledge with a GDPR quiz.
DATABASICS provides cloud-based, next-generation Expense Reporting, P-Card Management, Timesheet & Leave Management, and Invoice Processing automation. Specializing in meeting the most rigorous requirements, DATABASICS offers the highest level of service to its customers around the world.
DATABASICS is relied upon by leading organizations representing all the major sectors of the global economy: financial services, healthcare, manufacturing, research, retail, engineering, non-profits/NGOs, technology, federal contractors, and other sectors.