What does the EU’s data protection law mean in North America?
We’ve been talking recently about the growth of data protection laws, which regulate how you store and use data collected from the individuals and businesses you interact with. In 2018, one of the more significant data protection and breach notification laws took effect in the European Union: the General Data Protection Regulation of 2018 (GDPR). Although it is a European law, it can affect organizations in North America, because it covers anyone who does business in the European Union, and its passage created a ripple effect across the Atlantic. The GDPR increases an individual’s control over their personal data. It covers the citizens of the 28 nations that are members of the EU and sets strict standards for the regulation and protection of personal data. To come into compliance, firms doing business within the EU have been updating their terms of service agreements. The law also has very sharp teeth: the penalties for violating it are severe. For example, fines can be up to 10 million Euros or 2% of the violating company’s worldwide revenues, whichever is greater.
You need to take the time to determine whether your business is regulated by the GDPR in any way, because a violation can result in extremely large fines. You may work and live in North America, but data travels, and so do people. The GDPR covers the data of any citizen of the EU, no matter where that person happens to be at any given time.
If you do business within the EU, or if you run marketing campaigns that reach residents of the EU, you are likely regulated by the GDPR. You also need to verify that any entity which processes data on your behalf is in compliance. If you are unsure about your status under the GDPR, contact a Managed Service Provider and request an audit of your data security measures.