Organizations that have customers in Europe will have a new regulation to comply with in 2018: GDPR, the General Data Protection Regulation. This regulation has real teeth in terms of penalties for non-compliance, such as fines of 4% of "turnover," the British term for annual revenue. Got $30 million in annual revenue? Your fine could be $1.2 million. Ouch.
We want to know where you are with your GDPR compliance today, so we set up this Quick Poll. Please click through and let us know your organization's status on GDPR.
What is GDPR?
So just what is GDPR? It's a privacy regulation designed to protect consumers' control over their own personal information. Consumers are empowered to move their information from one service provider to another. Consumers are also empowered to require a service provider or vendor to delete all information about the consumer. This is commonly referred to as "the right to be forgotten."
While companies based in the US may think that this regulation does not apply to them, they may be mistaken. And such a mistake could be very costly. If a company deals with any customers in Europe, the law applies to the data of those customers. Those customers enjoy the privacy protections afforded by GDPR, regardless of whether they do business with European companies or companies based anywhere else in the world.
That leaves the question, do you create and operate parallel privacy programs, depending on where your customers are based? Or do you choose to follow the privacy regulations of the strictest jurisdiction? Which approach is costlier in terms of implementation, lost opportunity, and potential fines? How do you balance the risk with the costs? Let us know in the comments about how you are weighing these important considerations.