The European Union is making big changes for consumer data protection, and if your company holds any data from anyone in the EU, you need to take notice. The new law becomes effective on May 25th, 2018, and there will be hefty fines if you aren’t compliant.
In short, the General Data Protection Regulation is taking huge steps to protect the privacy of citizens in the European Union. It ensures all organizations handle personal data correctly, and it standardizes the privacy laws across Europe. The last time the EU updated their privacy laws was in 1995, and a lot has changed in the way personal data is exchanged. The GDPR puts many strict requirements on businesses so that they collect private data securely and receive proper consent from the customer.
For the sake of the GDPR, personal data is anything that can be used to identify someone, either indirectly or directly. This includes more obvious details, such as the person’s name, email address, medical information, or bank account number, and less obvious information, such as the computer IP address or posts on social networking sites.
You may be wondering why we are telling you about privacy data laws for the European Union. We are telling you because they don’t only apply to companies located in the EU—they apply to any company who has users from the EU. If you collect any personal data, whether through an app or website, you must comply with the GDPR even if you are located in the United States (or any other country).
If caught in non-compliance, you will be fined according to the GDPR’s tiered fee schedule. Which means less severe infractions will cost you less than the ones considered the most serious. For example, if you are caught not notifying the appropriate parties if/when a data breach occurs, you can be fined two percent of your annual global turnover. However, if you are caught not collecting appropriate customer consent to process their data, you can be charged four percent or 20 million euros (which currently equates to over 24 million USD).
Clearly, we are taking the General Data Protection Regulation seriously, especially because several of our clients conduct business with customers from the European Union. Our account directors and executives are in the process of contacting our clients that will be impacted by these new laws and helping them to make sure they will be in compliance by May 25th. If you have any questions about the GDPR, or you want to confirm if you are impacted, contact our digital marketing agency today.