The European Union’s General Data Protection Regulation’s (GDPR) came into effect on 25 May 2018. The GDPR law has triggered several immediate changes. The new regulation safeguards security and privacy rights for users. GDPR has forced companies to change their practices on data gathering and processing in many ways.
As every company that does business with citizens of the EU has to comply regardless of where they are based, the law has had a pronounced effect on technology firms, marketers, and other companies that handle large quantities of data.
International companies such as Facebook, Apple, and Google have dealt with the compliance rules differently. While Facebook added more tools for users to control their privacy, they also took the initiative to nudge people to agree to face recognition systems. Google was more discreet about their
changes, without informing its users. Apple also made sure to get its users consent to their latest tools.
Had they not complied, they could have been fined up to $9.3 billion in total per company. Wanting to keep their market in Europe, companies should comply with the regulations as it is helpful for them and their customers.
Being unable to meet the requirements of the legislation could mean fines from the European Union. A simple thousand-dollar fine for a data breach pre-GDPR can go up to a million-dollar fine now. To be GDPR-compliant, companies may execute the following steps to minimize exposure and risk:
1. Create a GDPR team to sift through current data flow
A team should be appointed to sift through the organization’s data, review the data collected and document the flow and processes used to acquire data. After going through the data, remove contacts who did not consent to mails or other offers and take note of the sources of the mailing list.
2. Review personal data collection process
3. Manage current database
Verify with your existing contacts if they still want to receive updates, app notifications, and emails from your company. Allow them to manage communication preferences and choose if they prefer receiving newsletters instead of promo emails. The user will also
be given the power to choose how frequent would they want to receive updates from their subscription.
5. Formulate a plan for a data breach
The GDPR states that data breaches should be reported within 72 hours of becoming aware of the breach and encourages organizations to create an action plan. Educate all employees to prevent cybercrime from happening. Once the breach happens, publish an announcement and notify those involved or affected.
Wilson Consulting Group is an innovative global cybersecurity consulting firm headquartered in Washington D.C., with a European office in London, England.
Our goal is to ensure that our clients are compliant, secure, and protected so that their customers will also feel assured. WCG is committed to assisting organizations as they work to meet the requirements of the GDPR. Further information is available at https://www.wilsoncgrp.com.