The General Data Protection Regulation (GDPR) may have a specific effective date, but the expectations pre-implementation are still ever-changing. There are debunked myths and key questions (covered in our two previous GDPR blog posts). It’s been about a month since we last updated information on these upcoming rules.
If you didn’t read the last update, here are the basics: GDPR officially starts on May 25, 2018, when you must comply by having a secure method of storing and collecting an EU citizen’s private information. The regulation applies to all businesses that hold and process data collected in the EU, regardless of your location, meaning you don’t need to be in the EU to be concerned about this law. Not being prepared can put you at risk of an audit and fines, potentially 4 percent of your global revenue.
Now that you have the basics, here’s the latest on GDPR from around the internet:
Almost a third of UK business leaders have not heard of GDPR. This figure raises concern, to say the least, considering that GDPR is less than eight months away from going into effect. While approximately 40% of those surveyed in the IoD (Institute of Directors) weren't sure if the GDPR would affect their business, 86% of those who do understand the regulation expect to be fully compliant by May 2018.
American companies still (yes, still) don't know what GDPR means for them. While the goal of GDPR is to protect the data of EU citizens, US companies are required to adhere to the regulations if they have clients in the EU. This article notes that GDPR is just the beginning of changing data laws that focus on protecting consumers on a global scale. This focus on protection, in part, serves to rebuild customer trust by creating new assurance that companies can handle sensitive information responsibly.
The cost of noncompliance may run deeper than your pockets. While it's commonly known that the fines for GDPR can equal up to 4% of your company's global revenue, no one will know for sure exactly how much the fines will be until the first fines are actually issued. There's also a hidden cost to a GDPR violation: your company's reputation could take a major hit in the event of a violation.
GDPR may hinder KYC for insurers. KYC, or Know Your Customer, may be affected by GDPR's restrictions on customer data management. While insurers use KYC for other compliance reasons, they will now have to make sure that those practices are consistent with GDPR requirements. In some countries with strict data laws, the changes might not be an issue, but companies are taking precautionary measures.
Hopefully, these latest articles will help you prepare for GDPR. Stay tuned to the Hanzo blog for the latest recaps and updates as they roll in; after all, there will always be more GDPR news before the actual implementation, and you’ll want to be ready every step of the way. If you’d like to learn more about Hanzo, we’d love to hear from you.
What’s your risk? Schedule a time to speak with an expert from the Hanzo team to determine if and how GDPR applies to your organization.