May 30, 2018
This much is certain: GDPR will have both immediate and far-reaching impact on European customer relations. The question is: what are you doing about it?
GDPR compliance is not an option: if you do business with persons in the EU, it is mandatory. Every US business, no matter what size, no matter what business you’re in, must put together a program that meets the stringent requirements for collecting, using and disclosing the individually-identifiable information of your customers. Every business, every customer. No exceptions.
GDPR replaces all previous programs that address customer privacy and your obligations to protect what they give you. GDPR requires you examine what you do to acquire it, how you handle it, how you store, use and share it. It looks deeply into your processes, workflows, policies, your systems, and technologies. GDPR looks at what you do when things go sideways, and that data leaks out, and at the effectiveness of your efforts to keep that from occurring.
GDPR does not “take your word for it” that you are addressing everything it mandates. It requires evidence that your program elements are in place, accurate, current and working. When investigations and audits happen – and they are already happening – the examiners dig deep into your records, your policies, your systems, and your management. The evidence must show that this matters, that you are serious, and that you are performing. History demonstrates clearly that non-compliance will be very expensive.
GDPR can seem confusing, and in conflict with US privacy requirements. It raises the question of how to meet the regulations here at home, and still make it work abroad. To make matters even murkier, many countries already doing business with EU members are adopting very similar standards themselves, thus making it necessary for you to consider an even broader program. And with markets around the world running 24×7, GDPR requirements will likely circle the globe; requiring you to make it work everywhere.
Not sure where to begin? We know where to start, and we can help you navigate the GDPR Rapids safely. We deliver answers and solutions:
- What is the GDPR? The GDPR codifies and harmonizes data privacy laws across all European Union member countries.
- Why does the GDPR matter? Compliance is mandatory, and penalties for non-compliance with the provisions of the GDPR regarding collecting and using personal data are potentially devastating.
- Who does the GDPR affect? The GDPR applies to any business collecting personal data from a citizen of the EU.
- What are key provisions of the GDPR? Personal data is defined as any information related to a natural person that can be used to directly or indirectly identify that person.
The most important thing your firm can do now is to determine how ready you are for GDPR compliance. Some steps you can take today:
- Look carefully at how you communicate with your clients. Make sure you let them know how you use and protect the information they give you. Make sure they know that protecting this information is a high priority. Review the notices you send them and make sure they state this clearly and positively.
- Examine your information management practices closely. Your policies should accurately reflect how you actually work with this information, and you should be sure to follow them.
- You want to make sure you are following the true requirements of GDPR. Download a copy of the regulation – we can provide you with one. The law states plainly the things you should be doing today. Form teams to examine it and report on their findings. From this analysis, you can compare your program to the regulation and find the gaps. You should close these as quickly as you can: the regulators are already very active, and they know what to look for. You want to be ready for them as soon as you can.
We would enjoy continuing the discussion thread that we have started. Let us know if we can help and if you want to continue the conversation on GDPR. GDPR will be with us for a long time, with others to follow.