You may have been reading about the EU's GDPR privacy changes for a while, but if your company hasn't complied with it yet, you are running out of time.
North America might not seem like the place to worry about a European regulation, but thanks to the all-pervasive data collection of today's wired business world, if you aren't ready for this change next month, it could cost you a lot.
The GDPR (General Data Protection Regulation) will prove to be a seismic shift in global business data collection and management and, as the May 2018 compliance deadline approaches, many North American companies still don't fully understand their GDPR obligations, or how non-compliance could deal a blow to their bottom lines. GDPR will change the way business is done like nothing companies here have ever dealt with before. It's the first time such a massive regulation reaches beyond the borders of the EU, and it puts a lot of pressure on companies that have EU residents as clients. It also limits the kinds of personal data that can be collected or held without a specific opt-in, so a lot of companies will be forced to undergo a data houseclean and fundamentally rethink their business strategies.
GDPR makes it clear that individual people are the owners of their own personal data. People have the right to an overview of what kind of data has been collected about them and what the party holding the data has done with it. The law also obliges companies to stop using personal data, or to hand it over to the person, upon request. This means that the way businesses around the world deal with customer data is headed for a sea change.
One of the best-known hotel chains in the world just got a fine of US$700,000 for a data breach. This sounds bad, but under GDPR the fine could have been more than $400 million. The same could happen to your company, very soon.
The hotelier was punished for its late response to a hack that leaked credit card and other private information for thousands of clients via a UK-based system belonging to the company. A forensic investigation revealed credit-card-targeting malware that potentially exposed cardholder data for a one-month period the previous year.
A second breach, also involving data-stealing malware, ran a few months later, and it took the business another nine months after the first intrusion was discovered to notify the public. We hear of this often, but what if your company didn't know it had been breached (an often-observed situation with our prospects)?
When provisions of the GDPR go into effect, data "controllers" (organizations that collect data on customers or employees) can be fined up to 4% of annual turnover in the year preceding the incident for failing to meet the law's charge to protect that data. For our hotelier, that would mean a cool $420 million, or $1,200 for every customer record lost.
Is your company compliant with GDPR? Do you know which European residents are connected to North American citizens in your database? Will it take a malware issue to cost you financially? OPUS Consulting's DataCare program features data replication, backup and managed recovery. It's time for your business to 'think European' in time for May 25.