GDPR: Europe’s Data Compliance May Kill Your Global Business
Every enterprise has its own industry and government regulation and compliance issues to grapple with, but the forthcoming General Data Protection Regulation (GDPR) could be the straw that breaks the proverbial camel’s back for global business revenue and reputation.
On May 25, 2018 – less than a year away – GDPR’s new mandates will go into effect, bringing with it the most stringent compliance rules businesses around the globe have seen. Enterprises that have any dealings, holdings, or customers within the European Union (EU) must comply or face crippling monetary fines.
What is GDPR?
General Data Protection Regulation was created by the European Parliament, Council of European Union and the European Commission intended to strengthen and unify data protection for all individuals within the EU. Essentially, the new regulation was created to harmonize data privacy laws across Europe, and “protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy,” according to a dedicated GDPR public relations website.
Why does it impact the global economy?
The GDPR not only applies to organizations located within the EU but it will also apply to organizations outside the EU if they offer goods or services to, monitor the behavior of EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
So, what needs to be secured? The GDPR is calling any information that constitutes personal data or “Data Subject” that can be used to identify a person, whether directly or indirectly, including a name, photo, email address, bank details, posts on social networking sites, medical information, or a computer’s IP address. In addition, clouds will not be exempt from GDPR enforcement.
And here’s where it gets hairy.
The penalties for non-compliance are massive. An organization that breaches GDPR will be fined in a tiered format, with a maximum of 4% in annual global revenue, or $21.5 million – whichever is highest.
Of course those figures would strike fear into the hearts of any business, and onus is now on the IT department to ensure proper security and data protection protocols are in place. While nearly all organizations have those pieces in place, many aren’t up to code in adherence with the forthcoming GDPR.
A recent report with more than 900 survey respondents showed global businesses are certainly worried about the new compliance measures:
- 47% of organizations said they fear they won’t meet the requirements of the legislation in time
- 18% are worried non-compliance could put their organization out of business, based on the weight of the fines
- In addition, 21% expressed concern that staff layoffs may be necessary to offset financial penalties
- Just 7% said they have no concerns, as they’re already compliant
Finally, the survey showed two-thirds of respondents expect to spend on average $1.432 million reading to be fully compliant with GDPR before its May 2018 live date.
The concerns are clearly wide-ranging and on the forefront for decision-makers in the business. It’ll be imperative for IT to collaborate with lines of business to ensure proper solutions are acquired and implemented with enough time to find existing gaps and make proper patches where needed.
A two-day event titled Enterprise Mobility Exchange: Security East will be held in Miami, Florida this October, bringing together c-level, VPs, Heads, and Directors of IT across all industries looking to network, benchmark, and share information in the world of mobile security – a clear sticking point for organizations operating in the EU.
The event will also include onsite mobile security solution providers looking to learn from end users and share their business objectives with industry leaders. To find out more about the Enterprise Mobility Exchange: Security East, visit here.
See who attended the Enterprise Mobility Exchange: Security West event held in April and what value they found in joining the event with a post-event report here.