We’ve been talking a lot about the GDPR (General Data Protection Regulation) here at DATABASICS and for good reason: it’s important. The deadline in May 2018 looms nearer, making it more essential than ever that your company knows what’s about to come. In just a few short weeks, the E.U.’s most stringent regulations on data privacy yet will come into play. To get a basic gist of what the GDPR is, we recommend that you read our blog titled “If You Work With EU Data, You Need To Read This: A GDPR Cheatsheet.”
In the meantime, here’s a list of the most important things to know right now about the GDPR:
Most Important Details About the GDPR
- The deadline is soon!
The GDPR compliant deadline is May 25, 2018. But, that probably doesn’t mean that on May 26th, every company not in compliance will get hit with a fine. Instead, probably a few major companies with client data belonging to E.U. citizens will be audited and, if found in noncompliance, will be fined.
While you may not be a major company, this still has repercussions that affect you, even if you’re not in the E.U. Those fines are hefty and they can apply to any company that controls E.U. citizen data that’s found not in compliance.
However, it’s likely that any company that puts effort into compliance and documents that effort will get more leniency with GDPR regulations than a company that puts no effort into compliance.
- Your reputation is on the line.
Word about the GDPR is spreading rapidly because it is so important. This affects companies small and large because any company that can call itself GDPR-compliant will have the advantage over one that cannot make the same claim.
Privacy is becoming more important to citizens not only in the E.U., but all over the world, so customers are more willing to work with those companies that comply with these strict data regulations. After all, the GDPR requires that companies are forthright with how they use your information and they have to allow you to remove your data at will, giving the consumer more power over their data.
Related Article: If You Work With EU Data, You Need To Read This: A GDPR Cheatsheet
- You may need to make an additional hire in order to be in compliance.
The documentation is complicated and creates plenty of opportunity for confusion. When the regulations go live, there will probably be plenty to figure out by trial and error.
What you need to know, however, is that there are some basics regarding the regulation that are clear; one of those is that your company may need to hire a Data Protection Officer (DPO) or appoint a current employee to be the DPO for your organization. This person will be the person working to establish compliance and will be the point of connection for GDPR regulators. It may take time to train this individual or hire them, so it’s important to be aware of whether you need a DPO or not.
- Your current privacy statement may not be enough.
If your current privacy statement is something that a lawyer would take some time to parse, then it’s time to make that statement clearer. The GDPR requires that language is uncomplicated and accessible in terms of what it says and in terms of how users can access it. The information needs to clearly state what your company does with personal data, what rights people have over their data (including the right to request removal of their data), and how to take advantage of those rights.
In addition to your statement, the GDPR makes it clear that you must err on the side of privacy every time. That means that when someone provides your organization with data, they are not automatically opted in to services that they do not request, including marketing.
These are just a few highlights that you should definitely know about the GDPR when it comes to your large or small organization. Learn more about the GDPR and take this quiz from Microsoft to assess your readiness: https://www.gdprbenchmark.com/questions.
DATABASICS provides cloud-based, next generation Expense Reporting, P-Card Management, Timesheet Management, Leave Management, and Invoice Processing automation. Specializing in meeting the most rigorous requirements, DATABASICS offers the highest level of service to its customers around the world.
DATABASICS is relied upon by leading organizations representing all the major sectors of the global economy: financial services, healthcare, manufacturing, research, retail, engineering, nonprofits/NGOs, technology, federal contractors, and other sectors.