Get Up to Speed with GDPR: What You Need to Know about the New Regulation

If, like most people in the digital world, you have an account with more than one major web service, you’ve likely received an influx of emails in recent weeks mentioning GDPR. But what do these four letters mean, and why should you care?

If you’re not up to speed on the basics of GDPR, here’s a quick overview of what you need to know.

What is GDPR? 

GDPR stands for General Data Protection Regulation, and it’s essentially a European regulation put in place to protect the data- and privacy-related interests of the more than 500 million people who live in the European Union.

What’s the gist of the regulation?

Although the legislation itself contains more than 56,000 words, it boils down to the fact that businesses that have the ability to collect information about anyone living in the European Union must gain explicit consent prior to collecting any data. They must also clearly state what they plan to do with the information they collect, and they must make it easy for Europeans to opt out of data collection at any point.

Why is GDPR a big deal?

Businesses that don’t comply with the new regulation by May 25, 2018 could face increasingly steep fines.

Do American businesses need to concern themselves with GDPR?

Although every responsible business owner should do their due diligence in order to determine whether they have to contend with GDPR, generally speaking, an organization that has the ability to collect information from or about EU residents is affected. That’s a huge percentage of American businesses when you account for those that host public surveys or collect email addresses in exchange for a white paper or newsletter.

Are businesses that collect — but don’t use — data about EU residents off the hook?

Unfortunately not. Even if you never take a single action with the data you collect about European citizens, simply having the ability to look at their info is enough to require compliance.

What are businesses that collect data supposed to do?

If your business collects customer data for any purposes, it’s critical that your customers explicitly allow you to use their data for a specific purpose. Keep in mind that consent for separate purposes need to be asked for — and granted — on an individual basis.

What will happen to businesses not in compliance with GDPR after the May deadline?

Businesses that violate GDPR must alert the authorities of the issue within 72 hours or else face a fine of up to 4% of your company’s annual revenue — or €20 million — whichever is greater.

What role does Managed IT play?

If you’re working with a managed services provider to oversee your IT operations, you’re likely far better off than businesses going in alone. BlackPoint IT Services can determine if your business is affected by GDPR and can help you quickly get your company in compliance. To learn more about how GDPR might affect your business, contact BlackPoint IT Services today