If you thought GDPR was only relevant to organisations in the EU, think again. The new EU regulations will come into play from 25th May this year and will affect pretty much everyone.
The general myth recently has been that GDPR will be relevant only to businesses in the EU and ones that trade directly with the 28 member states of the EU. This really isn’t the case; in fact, it’s quite the opposite.
Obviously, if you’re based in the US and trade with the EU then you’ll (hopefully) be well underway with ensuring your processes and data backup solutions can provide all of the required actions for the new laws from May, so that your customers’ data is protected and accessible if and when needed.
However, did you know that the new regulations also cover any data your organisation may collect on consumer behaviour? Section 3 is very much based on any kind of activity by an EU-based consumer where you track and record their behaviour, for example on your website.
Article 3 (2) states:
This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
- the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
- the monitoring of their behaviour as far as their behaviour takes place within the Union.
So, if you track any kind of consumer behaviour on your website, such as through Google Analytics, and the consumer’s activity was based in the EU, then that data will need to be stored with the GDPR laws in mind. This also includes any data you may have captured from an individual in the EU. However, when capturing this data you will need to clearly state to the individual, at the time, what your intentions are and how you plan to use this data.
Research conducted by VM World 2017 suggests that only 22% of US organisations are concerned about GDPR and have a plan in place; the reality is that it is more than likely to affect around 80% of US organisations. This means there is a significant gap, and there needs to be a realisation that GDPR is relevant to businesses outside of the EU. With the introduction of the new fine structure, failure to comply with the new laws could result in a possible fine of up to 4% of the company’s annual revenue or €20m!
The possibility of these fines should really be enough to shock any business into ensuring they are compliant with the regulation but, as we can see, some are still burying their heads in the sand. The great news is there’s still time to face reality and get ready before the 25th May.
For more information on GDPR and the new articles visit https://gdpr-info.eu