You’ve most likely heard about the European Union’s General Data Protection Regulation (GDPR) by now. But even if you’re unfamiliar with the term, there’s little doubt you’ve already experienced some of its effects – whether you know it or not. You know all of those emails from Twitter, Facebook, Instagram, Google, Apple and the rest that you’ve been receiving about updates to their Terms of Service agreements? That’s GDPR.
On May 25, 2018, the GDPR became enforceable. It applies to every citizen within the EU and to any organization, from one-person shops to Fortune 500 companies, that transacts with them – regardless of where the business is located. That means it affects just about everyone. In this blog post we’ll examine the purpose of GDPR, why it matters, and the effect it’ll have on the IT industry.
The Purpose of GDPR
In a nutshell, GDPR brings a necessary change to the way our personal data is stored and handled. In a world where data breaches have become commonplace, this new set of regulations was born out of necessity. Although it’s a change to data privacy laws across all EU member countries, it affects the entire world, because these laws apply to all EU citizens as well as to any company doing business with a citizen of the EU. This means, for example, that if you’re selling homemade electronics out of your mother’s basement in York, PA and you ship to a buyer in Hamburg, Germany, you’re affected.
Here’s how it works: under the GDPR, before processing any personal data, a business must ask the buyer for explicit permission. That request cannot be buried in a long-form legal document. It must use clear language, must be made for a specific purpose, and must be presented separately from other documents and policy statements (i.e. Terms and Conditions or Privacy Policies).
In summary, it’s the EU’s attempt to revamp data security practices so that data breaches such as the ones that affected Equifax and Target don’t happen again.
Why GDPR Matters
If your company does business in the EU, whether regularly or just on occasion, you’ll want to adhere to the GDPR – and not only because keeping customers’ personal data and private information safe should be of the utmost importance to you. It’s also significant because companies that violate it can face stiff penalties. Penalties would be levied as fines that could reach up to 20 Million Euro or 4% of a company’s worldwide annual revenue (whichever of the two is greater), potential payments to the victims of any data breach resulting from non-compliance, official reprimands, and additional penalties from the nation in which the offense occurred.
GDPR’s Effect on the IT Industry
Due to the severity of the fines, all companies that process personal data should take this new regulation very seriously, especially those within the IT industry. Cloud providers and data center providers in particular will have to adopt stricter security measures, standards, and processes within their organizations to protect and handle customer data and ensure they remain compliant with GDPR.
However, this also means that there will be massive opportunity for those within the industry to shape the way businesses protect and secure their data by educating the masses, reforming corporate data practices, and leading the way in security products and services.
Of course, this also shines more light on the skills gap plaguing the industry. Now more than ever, the need for cybersecurity professionals, compliance professionals, and Data Protection Officers is of the utmost importance. That means there has never been a better time to partner with an organization that is skilled in finding such elusive talent. So if your company is scrambling to comply, contact PSCI today and we’ll help you find the professionals who can keep your organization compliant and secure.