In today’s global, digital economy, companies are collecting more data than ever on their customers, and that data is becoming more diverse and complex, from different sources and in different formats. The creation and exchange of data has also increased significantly as BYOD and enterprise collaboration software have grown to become a mainstay in the modern workplace.
Once the General Data Protection Regulation, or GDPR, takes effect on May 25, 2018, it will greatly influence data management throughout the world. While the US doesn’t have a comparable data protection law, every company conducting business within the EU will need to incorporate proper safeguards into their business practices in order to avoid the high cost of non-compliance. Depending on the infringement, organizations can be subject to fines up to 20 million euros or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
Evolution of GDPR
In 1995, the EU adopted the Data Protection Directive to regulate the processing of personal data within the EU. The primary goal of the directive was to protect all personal data collected for or about EU citizens, specifically related to the use, exchange and processing of said personal data.
With the expansion of the Internet and the increased distribution of personal data, new regulations were required to provide EU citizens with the right to control how personal data is stored, processed and shared. To accommodate the increased traffic and include non-EU organizations within the legal framework, the EU developed GDPR.
GDPR aims to protect all EU citizens and to transform the way organizations approach data privacy by mandating that companies maintain much tighter control over the data and be able to understand its history, current use, and purpose.
Although it is an EU regulation, GDPR will have a global effect on data management practices, as any organization conducting business within the EU will be required to meet its stipulations, regardless of where it is headquartered. This means that if a company collects data on any EU citizen, it’s subject to GDPR, whether or not that company has an official EU presence. As such, US organizations need to ensure that they are prepared to meet these strict requirements if they want to avoid accruing costly fines for non-compliance.