Nearly everything we do and have revolves around data in some form. From social media and shopping online to simply visiting a doctor’s office, our data is being recorded and analyzed in one format or another. Private information, such as full names, addresses, and credit cards, is constantly being collected, tracked, and even saved by companies. As long as this information is valuable, there will be hackers and cybercriminals who want to steal it… and they have been doing a frighteningly good job at it. This is where the idea for GDPR, or General Data Protection Regulation, came from.
Back in 2012, the European Commission drafted initial plans for a data protection reform. After four years of long debate and intensive preparation, the European Parliament approved GDPR in April 2016 and set it to take effect in May 2018. While many believe GDPR applies only to EU countries, it actually affects any organization that collects, stores, or processes EU personal data, regardless of where that organization is located.
What exactly does this mean for your organization? Under GDPR, companies must ensure that all personal data is gathered under strict conditions and in a lawful manner. They are now duty-bound to protect that data from being exploited and must respect the rights of the people the data belongs to, or face major penalties. Citizens now have the right to know when their data has been breached, and organizations must notify them sooner rather than later.
Dealing with a data breach has also become a much stricter process under GDPR. Any breach or unauthorized occurrence involving customer personal data must be reported within 72 hours of the company becoming aware of it. Organizations must also let the affected customers know that their data has been breached so that they can limit the damage as quickly and efficiently as possible.
Failure to fully comply with these new rules could land companies in serious financial trouble. Depending on the severity of the breach and how the organization handled the aftermath, fines can reach €20,000,000 ($23,706,660) or 4% of annual revenues, whichever is greater.
By aligning your data privacy and cybersecurity efforts with the new General Data Protection Regulation, you can help avoid hefty fines and other problems in the future. The stakes are incredibly high for your company right now, which is why you must take the time to understand your cybersecurity practices, your data privacy needs, and where changes must be made to prevent breaches.
Learn more about what you can do to protect your organization by watching the recording of our recent webinar.