The countdown is on. Later this week, May 25th to be exact, all U.S. companies will be required to comply with the General Data Protection Regulation (GDPR). Failure to do so will result in steep fines for violators.
Whether you’re in the process of finishing your data policy updates, or just getting started (yikes), here’s what you need to know.
Under GDPR, companies are required to handle all consumer data carefully and to provide consumers with the proper tools to monitor and delete their personal information. They’re also responsible for alerting consumers immediately, within the first 72 hours of any breach.
GDPR’s net is wide, affecting data management platforms, marketers, media companies, and of course, consumers. So, everyone affected should be aware of the rules and consequences for breaking them.
While fines are categorized by whether the breach is "less severe" or "more severe," both types are extremely costly. If you violate the regulations, be prepared to cut a big check.
Fines for less severe breaches can max out at $10 million or 2% of the company’s annual revenue, whichever is greater. Meanwhile, fines for more severe breaches can go up to $20 million or 4% of the company’s annual revenue, whichever is greater.
To avoid paying the piper, make sure your T’s are crossed and your I’s are dotted. Focus on:
Getting Explicit Consent. Before you collect, use, or store an individual’s personal data, get clear consent. And to be on the safe side, it doesn’t hurt to employ a “double-opt-in,” too.
Having a Plan in Place. Make sure you have a concrete plan in place for handling a breach. It should include the procedure for immediately alerting affected consumers.
Allowing Individuals to “Be Forgotten.” Don’t forget that individuals have the right to request that their personal data be securely and completely deleted. Have your deletion procedure ready to go, too.
And in case you’re worried you forgot something, don’t hesitate to consult the official GDPR site.
Once you update your policies for GDPR, don’t get complacent. As technology and fraud evolve, so will the steps needed to protect sensitive data. These procedures are just the tip of the iceberg in the ongoing fight for personal data protection.