41% of organizations are a year away from GDPR compliance

(Source: 2018 Compliance Report)

The General Data Protection Regulation (GDPR) is a legal framework that applies to all organizations anywhere in the world that handles, stores, or processes the personal data of EU citizens. It dictates the procedures and consequences surrounding breaches and notification. GDPR came into effect across the EU on May 25, 2018.

GDPR Standards

• You must ask for strict “opt-in” consent each time and for each purpose your organization
  uses a customer’s data
• You must allow EU citizens to withdraw consent and prove deletion of consumer data
• EU citizens may request their information at any time and you must provide it
• You must notify authorities of data breaches within 72 hours of occurrence

GDPR Consequences

• Fines of up to $20 million or 4% of global turnover, whichever is greater, per incident
• Risk of class action lawsuits from data breach victims
• Damage to your company’s brand and erosion of consumer trust
• Long-term revenue loss

GDPR Compliance Tips

• Give customers an opt-out option in regard to their personal data as well as confirming that your business has permission to use their data.
• EU individuals can request to have their data deleted. Take a proactive approach and go ahead with deleting irrelevant data as it comes in.
• Have a plan in place to detect, investigate, and report a data breach within 72 hours should it happen.