Think quick: Are you ready for the GDPR?
If your first thoughts were “no” or “I don’t know” (or even “What is GDPR?”), the good news is that you’re not alone. Many companies simply don’t know enough about this new regulation or what they need to do now to prepare.
To help, we wrote this article to provide a general overview of the GDPR and how it could affect your organization. We also give you a checklist of many actionable tips and strategies you can follow to begin your GDPR preparations now. Disclaimer: When considering how to deal with issues of a legal nature, we always advise consulting with qualified counsel. You should not interpret these tips to be substitutes for real legal advice provided by your legal department or outside counsel.
If you’re looking for information about what Liveclicker has done to achieve compliance and how this benefits our customers, you can find it in this blog. (For all of this information in one place, please request Liveclicker’s GDPR Overview document from your Liveclicker account development manager or sales rep, as appropriate.)
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation that is intended to strengthen and unify data protection and privacy controls for all individuals within the European Union (EU) by mandating stricter data collection and storage practices.
GDPR will be legally binding and enforceable beginning May 25, 2018, and will carry costly penalties for companies that fail to comply. For example, any organization that has a presence in the EU or the UK could face a fine of €20M or four percent of total annual revenue (whichever is higher) for non-adherence to the core principles of processing personal data, infringement of the rights of data subjects, or the transfer of personal data to countries or organizations that do not ensure an adequate level of data protection.
If your company does business with citizens in the EU, the GDPR could definitely affect your organization. Yet the GDPR is not just a concern for organizations based in European countries. For example, U.S. laws now allow EU countries to create class-action lawsuits against U.S. companies, which may have to be defended in each country. Additionally, 29 U.S. states now have similar laws and can impose fines within 30 days of a breach where personally identifiable information (PII) is lost or exposed.
If your organization collects email addresses from EU citizens or sends commercial email messages to EU citizens, you could be at risk.
As a result, understanding GDPR – and doing all you can to prepare – is vital to make sure you’re in compliance.
A GDPR checklist: Follow these steps to achieve compliance now
According to the GDPR, any company that collects data on EU citizens (such as email addresses) and decides how that data is used (such as sending email to EU citizens) is an entity known as a “Data Controller.”
If your organization is a Data Controller, you need to take steps to achieve compliance with the GDPR:
We hope this information is valuable as you begin to consider and implement GDPR strategies that are right for your organization.
Find more information about what we’ve done to achieve compliance, how this benefits our clients, and ways you can reap the same benefits here.