With the May 25 deadline fast approaching, it’s important that you both understand the GDPR and take the necessary steps to ensure that your organization is in compliance.
Here is a high-level overview of what you need to know.
What is the GDPR?
GDPR stands for “General Data Protection Regulation.” In April 2016, the European Union Parliament approved and adopted the regulation to be effective May 25, 2018. The regulation mandates that, should you process data about individuals in the context of selling goods or services to citizens in countries within the EU, you must adhere to certain rules.
Who does the GDPR affect?
The GDPR affects anyone who offers goods or services to, or monitors the behavior of, EU data subjects (regardless of whether or not the company is located within the European Union).
What do I need to do to be GDPR-compliant?
To comply with the new rules on protecting customer data, organizations must provide a “reasonable” level of protection for all information pertaining to an individual’s basic identity, web data, health and biometrics, racial and ethnic data, political opinions and sexual orientation.
What are the penalties for non-compliance?
An organization can be fined up to four percent of annual global turnover or €20 million, which is the maximum penalty. Fines are also tiered according to the severity of the breach (for example, an organization can be fined two percent of annual global turnover). Of note is that the GDPR applies to both controllers and processors (in other words, “clouds” are not exempt from enforcement).
Who is responsible for compliance within my organization?
There are several roles responsible for compliance, including data controllers, data processors, and a designated data protection officer.
For a more detailed description of the GDPR, please visit the official GDPR FAQ page. If you’re not sure whether the processes you’ve put in place will ensure compliance, contact Axis41, A Merkle Company, today to speak with our designated data protection officer.