In the next couple of months, you’ll increasingly hear the phrase GDPR. You’ll see it in Tweets, on LinkedIn and in the news. You’ll hear about it on the radio.
GDPR is the acronym for General Data Protection Regulation, and it is a regulation by which the European Union (EU) government leaders intend to strengthen and unify data protection for EU citizens. This data protection legislation applies to all organizations anywhere in the world that handle, store or process the personal data of EU citizens, regardless of the company’s location. GDPR dictates the procedures and consequences surrounding breaches and notification of customers should a breach occur.
Beginning May 25, 2018, organizations that collect or process personal data of EU residents must comply with the following standards:
- You must ask for strict “opt-in” consent each time your organization uses an EU customer’s data.
- You must allow EU citizens to withdraw consent.
- You must prove erasure of a consumer’s data in the event they request withdrawal.
- EU citizens may request their information at any time, and you must provide it.
- You must notify authorities of data breaches within 72 hours of occurrence.
What happens if you don’t comply?
- Fines of up to €20,000,000 or 4% of global turnover, whichever is greater, per incident
- Risk of class action lawsuits from data breach victims
- Damage to your company’s brand and erosion of consumer trust
- Long-term revenue loss
How Garnet River can help
Education & Awareness – Together with Inspired eLearning, Garnet River can provide your team with online training for GDPR.