A shroud of mystery surrounds the European General Data Protection Regulation (GDPR), and that feeling is common throughout Europe and abroad.
How will GDPR affect organizations, marketers and citizens? The end goal is the security and protection of sensitive data of EU citizens. If this requirement is ignored, then the resulting fines will be damaging. News of this will have sent shivers down the spines of boardroom-level executives keen to avoid such punishments, which is why understanding the rules of GDPR is critical.
Here are 3 myths exposed which could save your business millions:
GDPR is an issue for Europe only – Wrong
Although GDPR is European legislation, it will not apply exclusively to members of the EU. Instead, it will affect any organization outside the EU that stores the personal data of EU citizens, regardless of its location. Therefore, those outside of the EU cannot be under the illusion that GDPR does not apply to them and should have the necessary data protection systems in place before its inception, especially if they want to do business in Europe. And let’s face it – it’s not a market that most businesses can afford to ignore.
The fines are the biggest setback – Yes & No (reputation and damages)
Of course, no company wants to incur unforgiving fines. A penalty of 4% of global revenue or €20 million could even send some organizations into bankruptcy. It is worth remembering that these fines are only issued to those who neglect the law by failing to adhere to the basic principles for processing data or failing to inform the necessary regulators within 72 hours, the deadline given to those who have suffered a data breach.
However, there are still many enterprises that will have the ability to survive the financial penalties, but the one thing they cannot overcome so easily is the damage sustained to the reputation of the business. Public perception and trust are things money simply cannot buy.
Personally Identifiable Information (PII) is the only data companies have to worry about - Incorrect
GDPR has been designed to keep data protection the main focus for enterprises, leaving no department exempt. It also leaves no room for error, with the responsibility for data protection left solely in the hands of the organization. Yes, this covers any sensitive PII, but it also includes IP addresses and cookie tracking. To be on the safe side, organizations should enter preparations for the new rules with the mentality that all data is sensitive data.
The time to act is now. Start looking for data protection solutions that use encryption throughout the data’s entire lifecycle and can be used and searched easily without creating extra headaches for the organization – especially for those who wouldn’t be classed as IT professionals. Technology, such as the eperi Gateway, that doesn’t negatively impact the business and productivity is a good place to begin.