Authorities report that over 160,000 data-breach notifications have been filed since the European Union's General Data Protection Regulation (GDPR) took effect on 25 May 2018. That averages out to 278 breach notifications a day.
U.S. companies are directly impacted by this regulation if their websites are accessible to and targeted at EU visitors, meaning the site offers a European language option or lets visitors pay in a European currency. The law allows for no exceptions; not for size of firm, type of data collected, or scope of activities. If your firm is found to be in violation of the law—even if you are just selling hand-knitted mittens or offering a free download of a white paper—EU authorities can fine you up to four percent of your global revenue. They may not be able to easily collect from small U.S. businesses, but enforcement will certainly cause headaches for any business operating internationally.
What Personal Data Must be Protected
- Personal identification data including name, phone, address, email, ID numbers
- Social media posts
- Racial, cultural, sexual, or ethnic data
- Bank and other financial details
- Medical, biometric and genetic data
- Website data: location, IP address, cookie histories and RFID tags
Selected GDPR Requirements
We advise you to review the specifics of the GDPR with an attorney and your IT leaders. Some of the key requirements include:
- Asking visitors for their consent to collect data
- Getting explicit opt-in to data use in profiling, advertising, etc.
- Providing an opt-out of future emails option
- Offering a privacy notice about data collection, use, and protection
- Mandatory reporting of breaches
Why It Matters to US Companies
U.S. companies need to comply with the GDPR, but that is not the only reason to focus on privacy protection issues now. Various states have begun enacting a patchwork of regulations that affect their residents, impacting any company hiring or doing business in those states. Notable recent regulations include New York’s SHIELD Act for protecting employee information, California’s Consumer Privacy Act, and Massachusetts’s 201 CMR 17.00 Standards for the Protection of Personal Information.
A cyber-security breach is costly to your reputation and your business. With increased regulation, you face not only the cost of the crime itself but also the costs of litigation and fines. If you haven’t done a complete compliance audit yet, now is the time to get started.