After long debates that lasted several years, the European Parliament has approved the GDPR (General Data Protection Regulation) back on April 14th 2016. Companies had a period of two years to implement the guidelines of this regulation and the final deadline is drawing closer. The enforcement date is slated for May 25th 2018. If your company fails to implement the provisions of this regulation, then you may face heavy penalties.
So, the first thing that you need to do is understand what the GDPR is all about and why it was approved by the European Parliament. The GDPR is a regulation that was brought forward due to increasing concerns about the privacy of the citizens of the European Union. The GDPR replaces the outdated and obsolete Data Protection Directive 95/46/EC.
Companies will now have to do a lot more in terms of protecting the privacy of their clients. The companies that will have to enforce the regulations of this regulative are the ones that are registered in a country in the European Union. Even non-EU companies will have to obey the rules of the GDPR if they have acquired private information of EU citizens.
The official phrasing of the GDPR is that companies will now have to provide a reasonable degree of protection of the personal data of EU citizens. However, the key term here is ‘reasonable’. It’s a vague term and it’s not direct. So, this gives the enforcers of GDPR leeway in determining whether a company is providing a ‘reasonable’ degree of protection of the personal data of EU citizens.
What your company needs to do is to now treat cookie data and IP addresses in the same way as it treats other, arguably more sensitive private information such as the social security number, address, or name of a person.
If you don’t believe that you should bother with implementing the strict provisions of this regulative, then you should consider the potential fines that you may face. You may face a penalty of up to 20 million euros in extreme cases. The fees can even be higher if your global annual turnover is high enough because the GDPR can tax your global annual turnover for 4 per cent. In fact, it’s estimated that the fees that could be gathered in this way can rise up to 6 billion euros on a yearly basis.
It’s of the essence to create a data protection plan for your company. Perhaps you have already created one in the past. But it’s very important to update this plan so that it’s in compliance with the provision of the GDPR. If you happen to find that anything’s off – then make sure that you start implementing measures as soon as possible so as to make your company compliant with GDPR before the deadline at 25 May 2018.
You can also hire external help if you find that you’re having difficulties in meeting the requirements of GDPR. It will be a worthy investment considering the fact that you will evade a big headache by going about this job on your own.
And in the end, we hope that your company will manage to comply with all of the provisions of GDPR before the deadline.