What is GDPR? The huge European security regulation takes effect this week

A woman poses near European flags as she visits she EU headquarters in Brussels on May 5, 2018. Companies in the U.S. are preparing to comply with the EU's new online privacy rules, known as GDPR. — John Thys / AFP/Getty Images
A woman poses near European flags as she visits she EU headquarters in Brussels on May 5, 2018. Companies in the U.S. are preparing to comply with the EU’s new online privacy rules, known as GDPR.

PUBLISHED: May 22, 2018 at 10:10 a.m. | UPDATED: May 22, 2018 at 8:01 p.m.

The European Union’s General Data Protection Regulation, or GDPR, goes into effect on May 25. Is your company ready?

The objective of the regulation, which passed in 2016, is to simplify and consolidate rules that companies need to follow in order to protect their data and to return control to EU citizens and residents over their personal information.

Individuals in the EU will have the right to access or request that companies erase or migrate their data elsewhere. When asked, companies must prove to authorities that they have satisfactory policies and procedures in place to protect their data, or they will face huge fines. How huge? If your company’s not compliant, the fines could be as large as 20 million Euros (about $24 million) or four percent of your annual global revenue, whichever is higher.

The GDPR doesn’t apply to only big companies. Small businesses, nonprofits, research firms and solopreneurs – wherever they’re located – are also subject to these rules. All that needs to be proven is that the company sells or collects data from EU individuals.

The law is also confusing to many, so much so that some lawyers say it may even apply to U.S. citizens visiting Europe.

“A U.S. tourist who visits Germany for one day and returns to the U.S. has rights under the law if that person used [a service like] Facebook while on the trip,” Alex Stern, an attorney wrote on his firm’s blog. “Organizations may still be wildly underestimating the scope of the GDPR.”

Underestimating the scope is definitely a problem. According to a report issued last month by technology publisher CompTIA, only 52 percent of the 400 U.S. companies it surveyed said they’re either exploring the applicability of GDPR to their businesses, have determined it doesn’t affect them or are unsure. Of the firms that say they would be affected, only 13 percent thought they would be compliant – 35 percent said they aren’t there yet.

“Companies subject to the regulations are running a huge financial risk by failing to put a GDPR plan in place,” Todd Thibodeaux, CompTIA president and CEO said in a news release.

News |
What is GDPR? The huge European security…

News |
What is GDPR? The huge European security regulation takes effect this week

More in News

Crime and Public Safety |
Sons of Boston bouncer pleads guilty to manslaughter in St. Patrick’s Day 2022 stabbing death, sentenced to 17 to 20 years

Education |
As Marine Leadership Academy’s embattled principal receives a promotion at CPS, parents demand accountability

At least 8 robbed within minutes of each other overnight, some violently in Loop, North Side

National News |
New York appeals court overturns Harvey Weinstein’s 2020 rape conviction from landmark #MeToo trial

Trending Nationally

Share this:

More in News

Trending Nationally