The countdown is on. Later this week, May 25th to be exact, all U.S. companies will be required to comply with the General Data Protection Regulation (GDPR). Failure to do so will result in steep fines for violators.
Whether you’re in the process of finishing your data policy updates, or just getting started (yikes), here’s what you need to know.
What Is GDPR and Who It Affects
Under GDPR, companies are required to handle all consumer data carefully and to provide consumers with the proper tools to monitor as well as delete their personal information. They’re also responsible for alerting consumers within the first 72 hours of any breach.
GDPR’s net is wide, affecting data management platforms, marketers, media companies, and of course, consumers. So, everyone affected should be aware of the rules and consequences for breaking them.
What Are the Consequences for Violating It
While violations are categorized as "less severe" and "more severe" breaches, both types carry extremely costly fines. If you violate the regulations, be prepared to cut a big check.
Fines for less severe breaches can max out at $10 million or 2% of the company’s annual revenue, whichever is greater. Meanwhile, more severe breaches can go up to $20 million or 4% of the company’s annual revenue, whichever is greater.
How to Ensure Compliance
To avoid paying the piper, make sure your T’s are crossed and your I’s are dotted. Focus on:
Getting Explicit Consent. Before you collect, use, or store an individual’s personal data, get clear consent. And to be on the safe side, it doesn’t hurt to employ a “double-opt-in,” too.
Once you update your policies for GDPR, don’t get complacent. As technology and fraud evolve, so will the steps needed to protect sensitive data. These procedures are just the tip of the iceberg in the ongoing fight for personal data protection.