Does Your Business Have to Comply with GDPR?

On May 25, 2018, a major rules change that impacts millions of businesses took effect. The European Union’s General Data Protection Regulation (GDPR) is the most significant change to European data security standards in two decades. While the regulation has a direct impact on enterprises located or doing business directly in EU countries, it can also apply to U.S.-based businesses. GDPR gives consumers more control over how companies use their personal data. In particular, European consumers now have the right to:
  • Be informed about when companies are collecting their information.
  • Access the information companies possess about them, via a “subject access request.” Companies must provide the requested information within one month and correct any inaccuracies.
  • Have their information erased (this is known as “the right to be forgotten”).
  • Ask for restrictions on the use of their data.
  • Move or copy their data from one source to another (this is known as “data portability”).
  • Object to how companies use their data, including for direct marketing and when companies make automated assumptions about what an individual might want to buy.
Companies outside the EU are subject to GDPR if they collect personal data or behavioral information on individuals located in an EU country, even if no financial transaction takes place. A simple survey can trigger compliance requirements. Any businesses with websites that target-market to international customers may also have to comply. A business is bound by the requirements if it specifically targets consumers in an EU country. For example, if the web pages use the particular country’s language and refer to users and customers in that or other EU countries, the EU regulators would consider that target marketing. Target marketing does not include a web page written in English that makes no such references, but that a European consumer could possibly access. Any company selling goods and services via the Internet, and that targets EU customers, may have to comply. If your company fits the bill, you should:
  • Obtain clear and explicit customer consent for collection and use of their data for each type of processing done on the data. For example, one permission is required for sending e-mail marketing messages, another for sharing with third parties, and others for additional types of processing.
  • Protect collected customer data. The protection requirements are similar to standards in place in the U.S.
  • Notify the EU or other supervising authority within 72 hours of some data breaches. A breach must be reported if it involves “accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed” that can cause “risk to the rights and freedoms” of EU customers.
  • Notify the affected individuals within the EU when a breach presents a “high risk” to basic property and privacy rights, such as when account passwords are compromised.
The EU can fine a company 2% of its global revenue for failing to report a breach on time. Other penalties can be up to the larger of 4% of revenue or €20 million (about $24.4 million).

Prioritize your compliance efforts

Experts advise companies that are just starting their compliance efforts to identify the most important thing they need to do, and tackle that first. Lesser priorities follow from that. As Chris Combemale of the Direct Marketing Association said, compliance is an ongoing process: “GDPR is a way of thinking about your customer, a way of thinking about your business that is permanent and long term.”