The countdown is on. Later this week, May 25th to be exact, all U.S. companies will be required to comply with the General Data Protection Regulation (GDPR). Failure to do so will result in steep fines for violators.
Whether you’re in the process of finishing your data policy updates, or just getting started (yikes), here’s what you need to know.
What Is GDPR and Who It Affects
Under GDPR, companies are required to handle all consumer data carefully and to provide consumers with the proper tools to monitor and delete their personal information. They are also responsible for alerting consumers promptly, within the first 72 hours, of any breach.
Fines for less severe breaches can max out at $10 million or 2% of the company’s annual revenue, whichever is greater. Meanwhile, more severe breaches can go up to $20 million or 4% of the company’s annual revenue, whichever is greater.
How to Ensure Compliance
To avoid paying the piper, make sure your T’s are crossed and your I’s are dotted. Focus on:
Getting Explicit Consent. Before you collect, use, or store an individual’s personal data, get clear consent. And to be on the safe side, it doesn’t hurt to employ a “double-opt-in,” too.
Once you update your policies for GDPR, don’t get complacent. As technology and fraud evolve, so will the steps needed to protect sensitive data. These procedures are just the tip of the iceberg in the ongoing fight for personal data protection.