The EU General Data Protection Regulation (GDPR) will come into effect May 25, 2018, replacing the existing Data Protection Directive 95/46/EC and enacting stronger privacy protection laws for all individuals working, visiting or residing in the EU.
Despite its European origin and application, the new regulation will affect businesses globally. Any company that handles personal information from individuals who are residing in the European Union at the time that information is created will need to comply with the EU GDPR. This is especially difficult in the United States, where many security experts have deemed privacy “dead” and new legislation is weakening privacy protections further.
One example of this new legislation is expected to be signed by U.S. president Donald Trump this week. Craig Aaron, president and CEO of the net-neutrality group Free Press Action Fund, shares his thoughts on the matter in a recent press release: “Apparently [House Republicans] see no problem with cable and phone companies snooping on your private medical and financial information, your religious activities or your sex life. They voted to take away the privacy rights of hundreds of millions of Americans just so a few giant companies could pad their already considerable profits.” Such a stance is clearly in opposition to the ideas of the EU GDPR and other such regulations in Europe.
Regardless of the political party you support, we can all agree that privacy laws are much more stringent in Europe than they are in the U.S. In the U.S., the government is generally more concerned about monetizing personal data, while European governments are more concerned with protecting it. An example: in Europe, individuals generally need to opt in to share their information, while in the U.S. they must opt out.
This becomes further complicated when individuals travel or work abroad. Because the EU GDPR covers European ‘data subjects’ rather than ‘citizens’ specifically, a U.S. citizen creating private data in the EU, for example, would be protected by the GDPR while using EU internet services. The question arises: What happens when these U.S. citizens return home? Is that information still protected?
The Threat of Non-Compliance
The penalties for non-compliance with the EU GDPR and its strict privacy guidelines will revolutionize the privacy landscape in Europe and beyond. Recently, two large companies—Flybe and Honda—were fined a total of £83,000 by the UK’s Information Commissioner’s Office (ICO) for sending unsolicited marketing emails. The ICO warns that this is just the beginning: such fines are small compared with what the GDPR will allow. The GDPR will fine up to €20 million or 4% of global annual turnover for unreported data security breaches—as well as additional fines for other data privacy issues.
EU GDPR: The American Way
Americans are prone to ‘America-first’ thinking when it comes to running their businesses. But they still need to comply with global regulations. U.S. global enterprises will be negatively affected if they choose to follow the current administration’s lead and ignore the consent, privacy and data minimization elements of the EU GDPR. In short, though the U.S. government may never match the stringency of EU privacy laws, American organizations must.
Organizations could choose to treat Americans’ and Europeans’ data in different ways, but that would mean purchasing specific storage systems for EU customers and putting different policies and enforcement structures in place to achieve two separate compliance goals. It’s like building a brand-new engine for your car, when you could be doing a tune-up. In other words, though it may require a painful initial investment in training and capital, following global compliance rules, including those applicable to the EU GDPR, will allow your organization to have common enforcement procedures that adhere to the most stringent of all laws.
How to Get Ahead of the EU GDPR
For many U.S. companies, playing to a higher standard is key when it comes to the EU GDPR. In many cases, it’s not even about what your business must do, it’s what you should do for your customers. It’s about protecting all your customers’ private data—regardless of location. In doing so, your company benefits. You may even earn brand advantage if your competitors aren’t treating information as securely as you are. You’re also building digital trust and letting your customers know that you care about their digital presence. And, of course, there are the cost savings of getting it right vs. getting it wrong in terms of noncompliance.
Take your company to the next level. Start your EU GDPR preparedness today. Read Blancco’s EU GDPR information hub for tips.