The countdown is on. Later this week, May 25th to be exact, all U.S. companies will be required to comply with the General Data Protection Regulation (GDPR). Failure to do so will result in steep fines for violators.

 

Whether you’re in the process of finishing your data policy updates, or just getting started (yikes), here’s what you need to know.

 

What Is GDPR and Who It Affects

GDPR regulates the usage and collection of personal data, offering “user data protection” for EU citizens. This protection extends to wherever a citizen travels, making it a global consumer privacy policy. To be eligible for protection, data must belong to a living identifiable person. A “living identifiable person” is defined as having a name, photo, medical information, and email address, plus a digital footprint.

 


 

Under GDPR, companies are required to handle all consumer data carefully and to provide consumers with the proper tools to monitor and delete their personal information. They’re also responsible for alerting consumers immediately, within the first 72 hours of any breach.

 


 

GDPR’s net is wide, affecting data management platforms, marketers, media companies, and of course, consumers. So, everyone affected should be aware of the rules and consequences for breaking them.   

 

What Are the Consequences for Violating GDPR

While fines are categorized as "less severe" and "more severe" breaches, both types are extremely costly. If you violate the regulations, be prepared to cut a big check.

 


 

Fines for less severe breaches can max out at $10 million or 2% of the company’s annual revenue, whichever is greater. Meanwhile, more severe breaches can go up to $20 million or 4% of the company’s annual revenue, whichever is greater.

 

How to Ensure Compliance

To avoid paying the piper, make sure your T’s are crossed and your I’s are dotted. Focus on:

 

Reviewing Your Privacy Policy. Use plain English to make terms as clear as possible for consumers.

 

Getting Explicit Consent. Before you collect, use, or store an individual’s personal data, get clear consent. And to be on the safe side, it doesn’t hurt to employ a “double-opt-in,” too.

 


 

Having a Plan in Place. Make sure you have a concrete plan in place for handling a breach. It should include the procedure for immediately alerting affected consumers.

 

Allowing Individuals to “Be Forgotten.” Don’t forget that individuals have the right to request that their personal data be securely and completely deleted. Have your deletion procedure ready to go, too.

 

And in case you’re worried you forgot something, don’t hesitate to consult the official GDPR site.

 


 

Once you update your policies for GDPR, don’t get complacent. As technology and fraud evolve, so will the steps needed to protect sensitive data. These procedures are just the tip of the iceberg in the ongoing fight for personal data protection.
