Photo above | Source: Pixabay.com
GDPR is the new EU data regulation that will apply to businesses and organizations that handle or deal with the data of EU citizens. The GDPR regulation became official on May 24, 2016 when it was voted in and approved by the different parts of the EU. However, it’s not until May 25, 2018 that this new regulation will actually apply to businesses and organizations.
The GPDR regulation will not only apply to companies in the EU but companies around the world that have IT infrastructure which handles the data of users, suppliers or customers in the EU. Oregon has a long-established trading relationship with Europe, with at least 6.8% of exports going to the EU as well as importing a lot of goods from the EU. This is why GDPR compliance is important for many businesses in Oregon.
The purpose of GDPR is to give citizens of the EU greater control over their personal information and create a clearer legal environment for businesses to operate within. GDPR compliance has become a top data priority for 92% of US organizations in 2017. This is not surprising as penalties for businesses that do not comply with GDPR can go up a 4% of the annual turnover
How GDPR changes data handling for Oregon companies
When GDPR starts to be enforced in May 2018 there will be many new rules Oregon companies must abide by when handling the data of EU citizens. Some of the changes this new regulation will bring include:
Giving access to data – Any personal data collected by companies will have to be made accessible to the individual it belongs to if they request so. This information will have to be provided free of charge. Consumers will also be able to request that their data is deleted if they are no longer customers.
Accountability and compliance – Companies will have to implement appropriate measures to ensure and demonstrate they comply. This could include having data protection impact assessments, appointing a data protection officer and implementing data security measures such as pseudonymization.
Breach Notifications – If personal data is breached, companies will be required to notify their relevant supervisory authority within 72 hours.
Fines and penalties – Regulators will have the power to fine organizations that do not comply with GDPR. Penalties will reach an upper limit of €20 million or 4% of annual turnover, which ever is the highest figure.
GDPR overview
These changes are going to come at a cost to businesses in Oregon that handle EU citizens data. These costs will come from the need to hire experts, update IT systems and data management.
It’s important to be prepared as the 25 May deadline will be here fast. If your organization has not begun doing this yet, or even know if GDPR will apply to you it’s recommended you start now.
While GDPR will bring challenges for many businesses there also are some benefits. Companies that show they respect an individual’s personal data and are transparent about how they use it will build a deeper level of trust with their customers.
